Learn about the legislation forcing change in data privacy

  • HOW COMPANIES COLLECT AND USE PERSONAL DATA

    Companies collect data in a variety of ways and from many sources to understand who you are. Most commonly, companies collect data by directly asking, indirectly tracking or by appending other sources of data to yours. In addition to collecting, companies may share, purchase or sell data from third parties. Information such as name, address, email, phone numbers, whether you rent or own, home price, average income, number of children, age, ethnicity and the type of car you drive is used to provide tailored marketing offers and valuable services to earn your business or keep you as a loyal customer. In recent years, laws and regulations have been drafted and passed to give consumers more control and protection over their own data. Data U is dedicated to providing you the information that you need to know about your data rights.

  • PERSONALLY IDENTIFIABLE INFORMATION (PII) LEGISLATION IS FORCING CHANGE IN THE PRIVACY REGULATIONS THAT GOVERN HOW DATA COMPILERS AND RETAILERS USE YOUR DATA

    Tens of thousands of companies collect PII data daily. The individual has no way to manage or control the use of their information. Legislation enacted into law gives individuals the right to protect, control and determine who is allowed access to their data.

  • OVERVIEW OF THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

    Government actions limiting personal data will go into effect January 1st, 2020.

  • Key Components of the CCPA

    According to the text of the consumer privacy act, which is also known as AB-375, the law gives Californians the right to:
    1. Know what personal information is being collected about them.
    2. Know whether their personal information is sold or disclosed and to whom. Say no to the sale of personal information.
    3. Access their personal information.
    4. Receive equal service and price from retailers, even if they exercise their privacy rights.
    The CCPA gives citizens the right to bring a civil action against companies that violate the law and stipulates that damages will be between $100 and $750, or higher if more damage can be proven. Plus, the state can bring charges against a company directly, levying a $7,500 fine for each alleged violation not addressed within 30 days.

  • How Will CCPA Affect Marketers?

    Like Canada's Anti-Spam Law (CASL) and the General Data Protection Regulation (GDPR), CCPA will affect companies outside of the jurisdiction of the law. That's because it's often easier to comply with the higher standard than to try to address audiences differently. Nearly 40 million people live in California, which is about 12% of the U.S. population and a larger population than Canada's. California's economy is also outsized, at $2.7 trillion. If California were a country, it would be the fifth-largest economy in the world. California is a marketplace that many brands inside and outside the U.S. can't ignore. They will have no choice but to comply with the consumer privacy act. That said, compliance should be relatively easy for brands that are already in compliance with GDPR.

  • How businesses might respond to the privacy regulations, and the best practices for data collection informed by the consumer privacy act (CCPA):

    ● Reconsider whether to use third-party data. The CCPA gives consumers the right to know "the categories of sources from which the personal information is collected." If a company buys third-party data beyond what is publicly available about their customers or prospects, it will eventually come to light via a CCPA request, so any company uncomfortable explaining that should consider halting the practice.
    ● Companies need to reevaluate the data fields on forms and profiles. The CCPA is part of a direct shift toward data transparency that spurs businesses to make greater use of data that is collected directly from their customers. Is there information received via third parties that could be requested directly from customers and prospects? Longer forms increase abandonment rates, but smart, progressive profiling at the right moments can maximize completion rates.
    ● Companies should only collect data for specific immediate use. Data is power, but it's also increasingly a liability. Companies can limit that liability by being selective about what data they save, particularly when it comes to personally identifiable information (PII).
    ● To comply with legislation, companies need a system that lets consumers manage and control their information on request. Both CCPA and the GDPR stipulate that consumers have the right to be forgotten and can require that any data a company has on them be deleted. There are some caveats on what data a business can retain for legal, compliance, and business reasons, but a mechanism must exist to delete all other information about a consumer quickly.
    ● Companies should not sell customer or user information. However, if they partake in that practice, then the CCPA requires them to keep a record of all sales for 12 months and provide a "clear and conspicuous" link on their website with the call-to-action "Do Not Sell My Personal Information" so consumers can opt out of that practice. Selling the data of children 16 years old and younger has even more requirements. Having a link or button and other permission requests would surely raise privacy and security concerns for would-be customers. However, companies can avoid the need for a link or button by not selling customer information.

  • GENERAL DATA PROTECTION REGULATION (GDPR)

    The General Data Protection Regulation (GDPR), the EU’s new privacy law, aims to bring order to a patchwork of privacy rules across the EU. As GDPR is a regulation, not a directive, it has binding legal force and became enforceable as law in all EU member states on May 25, 2018.

  • Who Does GDPR Impact? What Effect Will This Have on Marketing?

    GDPR will affect every company that uses personal data from EU citizens. If a company collects email addresses and sends emails to subscribers in the EU, it must comply with GDPR, no matter where the company is headquartered.

  • Stricter Regulations for Collecting Consent

    With GDPR in place, businesses can only send email to people who've opted in to receive messages. While this has already been the case in most European countries under the EU Privacy Directive, GDPR further specifies the nature of consent required for commercial communication. Starting in May 2018, brands have to collect affirmative consent that is "freely given, specific, informed and unambiguous" to be compliant with GDPR.

  • New Requirements for Consent Record Keeping

    The GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. In some countries like Germany, the burden of proving consent has always been the responsibility of the company that collected the opt-in. For many other marketers, however, this requirement is a new challenge to tackle.

  • Getting Your Existing Data Up to The New Standards

    Going forward, email marketers will have to change how they collect and store subscribers' consent. But that's only half of the story. GDPR also applies to all existing data. If a database includes subscribers who have not provided consent according to the GDPR's standards, or if the company can't provide sufficient proof of consent for some contacts, the company can't send email to those subscribers anymore.

  • What If Companies Don't Stick to the Rules?

    GDPR not only comes with stricter regulations around consent and the use of personal data but also with higher-than-ever penalties for businesses that don’t comply. Non-compliance with GDPR can lead to fines of up to €20 million or 4% of a brand’s total global annual turnover (whichever is higher).

  • CANADA’S ANTI-SPAM LAW (CASL)

    Canada's Anti-Spam Legislation (CASL) is one of the world's strictest anti-spam laws, and it has been keeping email marketers busy since its introduction in 2014. CASL requires email marketers to keep a record of the permissions they gain from subscribers, including information on when and where consents occurred. If a brand gets challenged in court, the burden of proving permission always lies with the sender. Particularly if a brand relies on implied consent, keeping track of the date of consent and the expiration date is critical for remaining CASL-compliant.

  • July 1, 2017, marks the final phase of CASL’s rollout

    Seven years after the law passed, and after a period of gradual implementation and transition, the law will finally be fully implemented. Companies that have heavily relied on implicit consents to build their lists in the past will likely have to remove large numbers of addresses from their lists this summer, at least if they don't manage to get explicit consents in the next few weeks. For companies needing to get consumers' permission, this might be the last chance to run a campaign to (re-)collect consent, ideally express consent, and keep those subscribers on the mailing list.

  • VERMONT PRIVACY LAW

    Vermont's new data privacy law seeks to protect consumers from data brokers through four crucial mechanisms.
    Transparency: Data brokers must annually register with the state. When doing so, they must disclose whether consumers may opt out of data collection, retention, or sale, and if so, how they may do so. A data broker must also disclose whether it has a process to credential its purchasers, and its number of security breaches.
    Duty to secure data: Data brokers must adopt comprehensive security programs with administrative, technical, and physical safeguards.
    No fraudulent collection: Data brokers may not collect personal information by fraudulent means, or for harassment or discrimination.
    Free credit freezes: Credit freezes are an essential way for consumers to protect themselves from the fallout of a data breach. Many businesses will not extend credit absent a report from a credit reporting agency, and a credit freeze bars these agencies from issuing a report until a consumer lifts the freeze when they want credit. Vermont already empowered consumers to use credit freezes to protect themselves from credit fraud. The new Vermont law bars credit agencies from charging consumers fees for this protection.
    Further, the Vermont law does not require any form of consumer consent for data collection or sale. Instead, it only requires data brokers to publicly disclose whether there is a way for consumers to opt out, and if so, how. In some cases, data brokers should be required to obtain consent to collect or sell a consumer's personal information. For example, the new Vermont law defines "personal information" to include biometrics, and no one should be allowed to collect or sell someone else's biometrics without their informed, opt-in consent.
