What Did You Do on Data Privacy Day 2020? Do Tell Us.

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions. As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights.”

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions.

As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights” and take advantage of tips and tricks for safeguarding their privacy and security. In our world of marketing, there are quite a few self-regulatory and co-regulatory tools (U.S. focus here) that enable choices and opt-outs:

  • To opt out of commercial email, direct mail, and telemarketing in certain states, consumers can avail themselves of DMAchoice. For telemarketing, they can also enroll on the Federal Trade Commission’s Do Not Call database.
  • For data collected online for interest-based ads, consumers can take advantage of Digital Advertising Alliance’s WebChoices and Network Advertising Initiative consumer control tools, which are accessible via the ubiquitous “AdChoices” icon. DAA also offers AppChoices, where data is collected across apps for interest-based ads. [Disclosure: DAA is a client.]
  • Now that California has a new consumer privacy law, consumers there can also take advantage of DAA’s new “Do-Not-Sell My Personal Information” Opt Out Tool for the Web. Its AppChoices mobile app also has a new CCPA opt-out component for “do not sell.” Publishers all over the Web are placing “Do Not Sell My Personal Information” notices in their footers, even if others outside California can see them, and offering links to their own in-house suppression lists, as well as DAA’s. Some publishers are using new the Privacy Rights icon to accompany these notices.

Certainly, businesses need to be using all of these tools — either as participants, or as subscribers — for the media channels where they collect, analyze, and use personal and anonymized data for targeted marketing. There’s no reason for not participating in these industry initiatives to honor consumer’s opt-out choices, unless we wish to invite more prescriptive laws and regulations.

We are constantly reminded that consumers demand high privacy and high security — and they do. We also are reminded that they prefer personalized experiences, relevant messaging, and wish to be recognized as customers as they go from device to device, and across the media landscape. Sometimes, these objectives may seem to be in conflict … but they really are not. Both objectives are good business sense.

As The Winterberry’s Group Bruce Biegel reported while presenting his Annual Outlook for media in 2020 (opens as a PDF), the U.S. data marketplace remains alive and well. For data providers, the onus is to show where consumer permissions are properly sourced, and transparency is fully authenticated and demonstrated to consumers in the data-gathering process. It’s a rush to quality. Plainly stated, adherence to industry data codes and principles (DAA, NAI, Interactive Advertising Bureau, Association of National Advertisers, among others) are table stakes. Going above and beyond laws and ethics codes are business decisions that may provide a competitive edge.

So what did I do on Data Privacy Day 2020? You’re reading it!  Share with me any efforts you may have taken on that day in the “public” comments below.

Authentication Alliance Marks Data Privacy Day With Consumer Trust Best Practices

To mark World Data Privacy Day, Jan. 28, the Authentication and Online Trust Alliance published its top 10 list of privacy principles and business practices. These practices, many of which have been widely adopted by AOTA members, are calls to action for companies to help maximize consumer confidence and ultimately spur economic growth.

To mark World Data Privacy Day, Jan. 28, the Authentication and Online Trust Alliance published its top 10 list of privacy principles and business practices. These practices, many of which have been widely adopted by AOTA members, are calls to action for companies to help maximize consumer confidence and ultimately spur economic growth.

To me, it’s pretty simple: Adopt these principles or suffer the consequences of a consumer trust meltdown. And that could invite regulation, according to AOTA Founder/Chairman Criag Spiezel. Here’s what the group recommends you do, edited a bit:

1. Ensure all privacy policies are discoverable, transparent and written to ensure consumer comprehension, accessible from every page of a Web site and/or e-mail.

2. Periodically contact users and provide them with your company privacy policy upon any changes for their review; allow for provisions for consumer choice or their data usage.

3. Establish and publish procedures for data collection, transfer and retention; perform third-party or self-audits for compliance.

4. Support collaborative, global, public-privacy efforts to increase consumer awareness and education, as well as the adoption of fair information practices and privacy/security regimes (e.g., the appointment of a national chief privacy officer).

5. Support self-regulatory efforts to adopt standard data retention/use policies.

6. Set and publish standards of privacy, security and data retention policies with clear accountability between first-party sites and third-party content providers and advertisers.

7. Create response plans for accidental disclosure of personal information and data breaches, including notification to consumers and governmental agencies. Provide relevant remedies to consumers (e.g., no-charge credit record monitoring services to those affected, or other remedies as appropriate).

8. Commit to authenticating all outbound e-mail with Domain Keys Identified Mail and/or Sender ID Framework to combat forged e-mail and potential privacy exploits within six months.

9. Transactional sites should adopt Extended Validation Secure Sockets Layer Certificates within six months or upon existing certificate expiration.

10. All consumer-facing sites should obtain privacy certification and seals from third-party providers or other third-party consumer dispute resolution mechanisms.

More details can be found here.

Are you following these best practices? If not, why? Let’s start a dialogue on the subject. Post a comment now.