National Data Privacy Law: It's Time
Manish Sood, CEO & Founder, Reltio
One of the most anxiously awaited moments of this year was General Data Protection Regulation (GDPR) taking effect on May 25, 2018. Global organizations, including those based in U.S. and serving worldwide, and those doing online business, had to put in massive efforts for compliance with this rigorous data protection regulation.
The act has generated passionate debate across the Atlantic, with many wondering if the U.S. was also ready for such a critical initiative. My answer would be a resounding YES, as the circumstances leading to EU regulation are equally valid here. The digital economy continuously generates a huge amount of data, from online searches to point of sales (POS) transactions. More often than not, individuals are unaware that their personal data is collected and their actions are constantly tracked. Many recent incidents have further highlighted the issues of gathering individual data without consent from smart devices, personal assistants, and online activities. Several large-scale breaches and cases of data misuse have made the situation worse.
A comprehensive data law would be a step in the right direction, making citizens aware and in control of their private information including their social profiles, images, pictures, device IDs, as well as their medical and financial details.
Apple CEO, Tim Cook recently supported stricter data privacy laws to protect consumer rights. His support comes at a time when individuals hardly have any control over their personal data that is open to use and misuse. Similar to pre-GDPR Europe, the U.S. has varying laws across states and these scattered regulations create confusion. The goal of a national law is to ensure consistent implementation and bring clarity to consumers. It can offer protection against data misuse with future technology and future social trends. For the technology industry, new developments can be planned to handle data privacy appropriately, if a comprehensive law is in place.
Some organizations may consider GDPR a regulatory burden, but they must acknowledge that their customers’ privacy is at risk and they need to act on it. However, making privacy an integral part of customer data management may not require an extra effort. It can be built into the data management strategy. Being a customer-driven company implies being accountable for customer privacy. There’s no two ways about it.
What would it entail if the U.S. enforces a national data privacy law? And what would it mean for businesses?
With the GDPR announcement, businesses initially responded with exasperation, though they soon realized that this challenge was a welcome opportunity to revamp their data management strategies. A lot of companies had their data in silos, streaming from multiple channels and multiple systems, and in assorted formats. They indeed needed to bring all the data together, clean and organize it, and make it uniformly available. Proper organization of data not only helps with ensuring privacy and security but also helps enterprises understand the customer better and make customer-facing business processes more efficient.
Many companies used traditional master data management systems but still faced the challenge of handling big data intelligently. For compliance, they needed to blend different types of data and manage ownerships, while handling different consent types, their sources, data-related change requests, and report mechanisms in case of data breaches.
Under GDPR, individuals can request access and changes to their personal data as well as complete data erasure, including the archived transaction data. This stipulation required provisions for a comprehensive customer profile with a 360-degree view, which can accommodate the data-change, review, or deletion requests and generate compliance reports fast.
Besides the full control of consent and personal data, compliance involved stringent data traceability requirements. While collating data from internal, external, third-party, and social sources, companies needed to ensure complete visibility with data lineage across all attributes, which can be exercised in case of a data breach. Data as a service needed complete traceability of any data sourced from a third-party. Full trace of the adult consent for capturing the data of a minor meant creating, exploring, and managing complex data relationships.
Any national level data privacy law in the U.S. will require similar compliance from companies dealing with customer data. Considering that most activities in the current digital economy generate data, this would encompass practically all companies.
Though the challenges appear huge, technology is on hand to offer competent modern solutions. The typical master data management systems have now made way for modern master data management platforms designed for customer 360 that enhance data organization and correlate omnichannel transactions at the big-data scale, incorporating modern cloud technologies. The use of advanced graph technology, machine learning, and predictive analytics help companies make compliance a part of their overall data strategy and not an afterthought. In a way, strong compliance requirements have sped up the development of smarter data management systems.
If the U.S. implements a data privacy law now, the framework is already there, and these intelligent platforms can comply efficiently. A comprehensive data strategy coupled with such platforms can maintain compliance even with fast data influx.
While the preparation for complying with data protection focuses on the privacy and control of data, the added benefits are just as evident. For organizations, it offers an opportunity to clean up their data management practices, streamline the processes, and update security measures.
Companies that have followed GDPR mandates have a better control of their data than ever before. This improvement enables them to venture into new markets, use advanced metrics to make marketing campaigns more effective, and offer a much better customer experience. Strong regulation may make companies temporarily defensive by planning for risk minimization, but in the long run it will move companies towards offensive strategies for higher profitability and customer satisfaction.
Compliance towards protecting customer privacy is a journey, not a destination. This journey will not only meet regulation requirements but also help improve the brand and customer loyalty. In fact, it will boost the business’ bottom line while protecting customer privacy. What can be more win-win than that?
The media, lawmakers, technology industry, and social groups are voicing their concerns for privacy, a fundamental right of individuals. While each stakeholder may have their own agendas for pushing for a strict regulation, the common consensus is that we must protect our personal data from use without our explicit consent.
It’s time to tame the data and protect the customers. It’s time for a national data privacy law.