Understanding privacy data and what it means to each individual has become more critical than ever. In a data-first world, we need to know how businesses get our information, how they use it, and what the regulations are around the uses.

Let's say you're applying for a new credit card or loan; your data is or becomes available to financial companies when they conduct a credit check. When they pull your records to see if you're eligible, they access your personal data to determine your approval. Information like credit scores, number of bank accounts, average balances, loan history, and defaults, etc. 

In recent years, Google and Facebook gained access to user data (approx. 5 billion users combined) and completely changed the game for data privacy. Together, they have a massive global database (nearly half the world's population), and each user's online activity gets tracked; what they are doing, the websites they are visiting, people they are chatting with, advertisements they are clicking on is all collected and stored inside this database.

If you open your browser and start browsing the web and discover an ad for shoes on sale, you can equate that to announcing to the world that you clicked on an ad that led you to Zappos.com, your shoe size is 7 1/2, and you bought a pair of red pumps for $79.00 using a 15% off coupon you received via text message after you opted-in to a pop-up on their homepage. This is what businesses want to learn from your activities and today’s technology around third-party cookie tracking and sharing of information across the advertising data platforms. 

Tracking happens in many ways. Browsers have various spies of their own called Toolbar extensions; they can potentially collect data on all the activity that we do on a browser. Then, our internet service provider (ISP) or the phone companies could decide it wants in on the action and can monitor our activities/locations, etc as well. 

What's next, adding spies directly on our computers and devices? YES. These are called third-party cookies, and they track the various websites you visit across different browsers, devices, and even apps. They share their findings with other businesses systems, and eventually, your data makes its way in front of teams of people that are analyzing your patterns online. The moment you open a browser or go online, you're pretty much naked. Wherever you go, your information is accessible to a lot of companies in many ways. Although all of this is generally collected anonymously, nonetheless such information is collected today and you as a non-geek consumer have little say. 

Of course, Google and Facebook are the biggest beneficiaries of this whole data holding or data collection. And with having too much data comes too much power. So much power that regulators like the European Union felt they needed to do something about it and passed the General Data Protection Regulation (GDPR), which is the strictest privacy and security law in the world. 

Thanks to the EU, GDPR has started to take shape, and companies worldwide are paying attention to data privacy regulations that are being introduced in many parts of the world and are inevitable to avoid. These regulations are now in place because regulators realized that Google and Facebook needed a check and balance. But, it's not just Google and Facebook that will need to comply, but every business that tracks data will likely need to cooperate.

This introduces a new challenge because not every business can comply with these regulations for many reasons, one being that these regulations are not black and white. And not to mention, the scenarios and interpretation of the regulations vary and can cause a lot of confusion. In other words, things might get a bit hairy. 

Big companies for whom these regulations were created, are already complying. They saw the writing on the wall and are ready to show the data they are collecting from consumers. Today an individual can go directly to Facebook and request all the data they have on you, and Facebook will give you a data dump right away. Google and other big companies like Twitter or even Walmart decided early on to get their act together and made the consumer data they collected from individuals available to share if ever the individual requested their own data. 

Smaller companies are usually the ones that struggle the most with compliance. They don't have legal counsel or data teams that can entirely understand the issue and work through a solution. They are busy bootstrapping their business, and their sales and marketing efforts usually involve the collection of email addresses for mass email marketing campaigns or buying data to find the right audience on the internet for their digital advertising efforts. . Suppose with these efforts they acquire 100,00 customers overtime, and the customers provide addresses and phone numbers, and other data captured through customer support, CRM, or ecommerce systems, and a customer requests their data, they will then need to have a process in place that can quickly retrieve the user's data and consolidate it from all different systems and online channels. 

Additionally, businesses use a variety of systems and technology platforms that also have access to all that data, and how these platforms use the data will eventually come into question. Most businesses are unaware that they need to ensure that the vendors or providers they use have a clear-cut agreement that states they will not use or share the data with anyone else. This creates risk for companies because most vendors don't look for these clauses about data sharing in their contracts and agreements and share the data with others, causing a security or privacy breach.

So what is the solution? How does a business become compliant? Start with the basic requirements that are not only common to GDPR and CPRA (California Privacy Rights Act) but to any data privacy regulation that's coming up across the world. The basics include having an inventory all the consumer data being collected and shared by your business, and giving consumers the right to access their data and decide if they want to delete or update it. With the growing concern around data privacy (like Apple's iOS 15.2 update), giving people the right to limit sharing of sensitive information will go a long way for your brand.

Many years back, when someone in Europe wanted Google to remove their data from the search results, and regardless of their reasons, whether it was negative or not, that someone claimed it was their right to delete their data from Google's search results. This claim is why we now have the right to delete harmful (or not) data from Google, Facebook, and other businesses. But as usual, there is always a grey area. What data are you referring to exactly?

When we say data privacy or ask a company to give me all the data you have on me, what exactly are we asking? How is data actually defined? If the company uses ten systems to manage my data, does that mean they need to search and retrieve the data from all ten systems? What if the data is in a contract and that company is required to hold on to it for x number of years in case of an audit? Or what if the data is in a PDF file sitting on someone's desktop and not necessarily in a system? Does the company have to search for all the data, content, and documentation and delete it no matter where it may be sitting? Let's say a flash drive at the bottom of a filing cabinet?

If you want to get a head start on managing data privacy, using technologies like LayerFive, a Unified Customer Data Platform (or CDP), can track and collect all your data across all sources and channels and put it in one place. It aggregates the data, consolidates it, and creates a unified consumer view allowing you to satisfy data privacy requests that come in. If a consumer asks to see all their data, you now have an automated and scalable process to retrieve their data, no matter how big or small your company might be. 

Another benefit is managing your approach to pulling and keeping the data in case of requests. Do you want to keep the data together all the time and store the unified view in one place? Or do you want to collect all the data about a user and only pull the data upon request? Both options become incredibly easy because the information already exists and is nice and tidy for your consumer to view.

At LayerFive, we believe that rather than waiting for a consumer to come to you, submit a data request, and then have your team scramble to understand what it means and retrieve the data the best you can, why not pull the data together all the time? Your consumers can access it anytime, there is zero friction, and your business will look like a well-oiled machine. And now, you have a consumer intelligence engine that can power other business areas like marketing and sales. 

In my next post, I'll share how using a Unified Data Platform like LayerFive can help you get a single view of your consumers, create custom ads, and personalize the customer journey using identity Resolution. 

About LayerFive

Customer data platforms like LayerFive help companies unify their data, gain deeper insights, and stay compliant with privacy regulations. Contact us here to schedule a demo and explore how you can benefit from a CDP platform.