Reltio Supports Apple CEO Tim Cook’s Clarion Call for Stronger US Customer Data Privacy Laws
Manish Sood, CEO & Founder, Reltio
Apple CEO Tim Cook's call for a U.S. privacy law, similar to GDPR (General Data Protection Regulation), is appropriate and timely. Five years ago this initiative would have been too big of a burden for companies because customer data is siloed throughout organizations in dozens or hundreds of separate systems. But today modern data management solutions that include technologies like machine learning empower organizations to implement data governance and privacy initiatives at scale, and are an essential part of their overall Customer 360 data strategy.
GDPR has irreversibly changed the landscape for single customer view data projects for companies doing business in Europe. And there are lessons we can learn from businesses that have gone before us. Early efforts to comply with data mandates at the application level have come up short. Upholding GDPR principles, as companies have quickly realized, requires an enterprise data layer approach to PII (Personal Identifiable Information).
Virtually all companies have customer data scattered across multiple networks and lines of business -- the only way to manage this data sprawl so that customer data privacy compliance is assured is to discover, organize and control all customer data from internal, external and third-party sources. If that sounds like a tall order, the good news is that we at Reltio have already developed and implemented best practices that include the essential ingredients for ensuring customer data privacy for some of the largest global enterprises by:
Identifying all systems managing customer data
Blending different types of data
Understanding data ownership
Identifying data shared outside the organization
Maintaining data lineage across all customer attributes
Managing different types of consent, and their sources
Providing customers a way to make data-related requests
Deploying processes for required data access, change and deletion
Implementing a mechanism in place for timely reporting of a data breach
Whether it’s correlating omni-channel transactions to customer master records and understanding, to determining how each customer is related to other members of a particular household, to whether those disparate household members have consented to their data being used and for what purpose. Maintaining data lineage to data sources and tracking to downstream applications so we know from where a customer profile attribute originated and which applications are using it is critical. This is the power of technology that enterprises already have to ensure customers are protected under the right to be forgotten stipulation. (As an aside, the right to be forgotten is a bit of a misnomer. The regulation actually stipulates that a company is required to retain evidence that they ‘forgot’ a customer. Make sure you pick a vendor who understands these nuances or your efforts may be undermined.)
Under GDPR, individuals are entitled to data erasure, which means that at their request, all traces of their information must be purged, including legacy transaction data that might reside in activity logs. In sum, this mandates a comprehensive customer profile with a 360-degree view that can accommodate data-change requests and the ability to generate privacy compliance reports fast.
Organizing data with a modern data management platform for growth strategies like new revenue models, improved customer experience, or other initiatives results in clean, reliable data with built-in customer data privacy compliance.
A comprehensive customer-centric data management strategy that delivers data privacy capabilities is built on four pillars:
Consolidated profiles: Organizations need the ability to collate all data from internal, external, third-party and social sources. At the same time, they must have the power to trace and maintain data lineage across all attributes. This sweeping level of visibility is invaluable in the event of a data breach.
Managing relationships: Graph technologies play a unique role here -- they offer a deeper and more accessible understanding of relationships between stores, locations, channels and types of consent. It also helps to trace the adult consent for capturing the data of a minor.
Data change requests: This is a critical requirement for GDPR compliance, and companies need to step up. Built-in workflows in the systems used should accommodate all customer data change requests, deletion requests, review requests and more.
Data as a Service with traceability: Drawing from third-party sources is a major benefit, but GDPR compliance requires tracking which attributes came from where.
Those that view a U.S. privacy law as a regulatory burden rather than an opportunity have not yet internalized what it means to be a customer-driven company. Your customers’ privacy is already table stakes today and is part of your responsibility as you serve them. Compliance towards protecting customers’ privacy is a journey not a destination – get the right platform in place today so you can meet any regulation or concern that they might have. You’ll find that it will improve your brand, and customer loyalty, and that’s just good business.
I’m proud that Reltio has been a pioneer in empathizing, understanding, anticipating and embracing customer privacy concerns, and that we’ve embedded product capabilities into our Reltio Customer 360 solution. I completely agree with Tim Cook’s call for a similar U.S Privacy law and as Reltio customers can attest they are already ahead of the game, with Reltio governing their sensitive customer data at scale throughout their organization using master data management, graph, and machine learning technologies.