Last week, my colleague Chris Herman blogged about the recent panel at the mid‑year ABA meeting in Chicago. The panel provided differing views on privacy from the regulator, industry and consumer perspective. FI&C's Ron Raether participated, as well. In its discussion, the panel also provided some insight on how companies that use data and the regulators that monitor their activity on behalf of the consumers interact. These various perspectives provide a framework for the manner in which a fast-moving compliance issue, like privacy, gets addressed: from many pressure points within the free market place.
Exhibit A: The Data Broker Accountability and Transparency Act, or DATA Act, recently sponsored by Senators Rockefeller (W.V.) and Markey (Mass.). The bill, amongst other things, seeks to provide consumers access to data held by large data brokers serving the marketing industry. Not only would consumers get access to these data repositories, but they also would legally have the right to have such information corrected, if errant, and also opt-out of the use of their personal information for marketing purposes. Privacy advocates and some critics of the big data companies generally see such regulation as essential to provide transparency in the data collection and usage practices of big data companies. Furthermore, some advocates express concerns that a lack of transparency in the companies' use of the information could lead to abuse in the form of unfair marketing, opportunistic advertising (e.g., sending ads for higher interest rate products to those who allegedly have bad credit). Indeed, Senator Rockefeller's sees the bill as an attempt to prevent such "deceptive practices."
Critics of the bill view it as an overreach and say it actually presents a security risk to the information. Furthermore, a couple of the big data companies, Acxiom and Epsilon, have already launched product offerings through which consumers have many of the rights secured in the DATA Act. In particular, through these products, a consumer can access personal information either company has on them, correct it if need be, and opt out of marketing uses of their information if they so choose. Indeed, one regulator, the Commissioner of the FTC, has provided cautious, but optimistic support for such product offerings.
So what does all this mean? I think it means the marketplace is working the way that it should. Just as the panelists discussed in Chicago, industry and technology must evolve quickly and will often do so ahead of legislation, business pressures or consumer desires. Do the recent product developments by Epsilon and Acxiom demonstrate this? Cynics might say the companies provided the transparency and consumer choice to opt out only to avoid trouble with regulators and only at the last minute to stave off legislation like the DATA Act. These same cynics might say these companies most certainly did develop these products for the consumers' good. Maybe so. Or, perhaps the companies recognize in addition to the publicity that ensuring accuracy in its information is simply seeking to better serve its customers. Either way, these companies are responding to pressures in the marketplace -- be they business or regulatory. Is this not what a free market does? Beyond that, the discussion demonstrates many of the things we have blogged about here when it comes to addressing privacy as part of any business plan.
1. Transparency matters. This is true in all aspects of business, but particularly with information privacy and security. What do they say? People fear what they do not understand? If your customers do not understand your business and what you do with their information, how likely are they to stay with your company, much less give it more business (or information)?
How to be transparent.
- Ensure privacy policies (internal and external) match up and are accurate.
- Make it easy for your customers to understand what information your company has and provide them the means to access it and ensure it is accurate.
- Make sure you show customers that you use commercially reasonable means to keep their information secure and provide them ways to ask questions about all of this.
2. Privacy builds consumer trust and brand loyalty. How you handle information privacy and security is just one more way for a customer to decide if they trust the way you do business. This not only determines if they stay with your company on a day-to-day, purchase-to-purchase basis, but it also determines how likely they are to stay with you when, not if, you have a data breach. The recent Target breach is a good example of both the negative and positive sides of this coin.
How to build trust.
- Do your homework and make sure you understand what your company does and does not do with your customers' personally identifiable information.
- Then, have clear policies and procedures on the handling of customer data in line with these practices.
- Make sure you have agreements in place with subcontractors and vendors to ensure they do nothing to weaken your policies and procedures (or your commitment(s) to your customer).
- And when you have a data breach, respond quickly and in a controlled manner. Communicate in a timely manner with your customers and, if applicable, regulators.
These are but a couple of the benefits of proactively addressing information privacy and security. It truly can be the gift that keeps on giving. The only question is when is your company going to do it? When it is in line with your business plan and budget? Or when a legislator takes aim?
