Do You Know How To Protect Your Audience’s Data?

From that pair of shoes that won’t stop following you around the Internet to the way it seems like the topics that come up in conversation with your friends somehow find their way into targeted advertisements you see online, our data is used by marketers worldwide.

And in recent years, survey data reflects that this makes most of us uncomfortable: In 2019, Pew Research Center found that 81% of the public say that the potential risks they face because of data collection by companies outweigh the benefits.

For business owners, this stat is an important one to keep in mind – not just because it reflects how we should be respecting the wishes of the people we serve as customers, but because we’re now legally required to.

In 2016, the European Union signed a piece of legislation called the General Data Protection Regulation (GDPR) into law. GDPR gave individuals in the EU protected rights – such as the right to be informed about how their data is being used by private companies, the right to opt out, and the right to demand deletion of their data from company records.

In turn, GDPR required businesses to put new practices in place to ensure they were adequately representing to individuals how their data was being collected and to collect data only in the spirit of necessity.

So, what does this have to do with business owners in the United States?

As GDPR went into effect, two things happened: First, Big Tech companies like Apple started putting practices into place to honor audience demand for privacy. In late 2021, the company rolled out the iOS 14.5 update that allowed users to mask their email activity through its Hide My Email feature and forced app developers to ask users for permission to track their activities, rather than those activities being tracked automatically. (Somewhere between 75 to 89 percent of users declined that tracking, which is telling.)

In addition, nine U.S. states have adopted data privacy legislation with similar tenets to the EU’s GDPR, meaning that companies who serve audiences in those states will have to comply. Many other states are considering similar measures, and there is a pending federal bill currently in consideration.

While we don’t yet know if the U.S. will ever have a federal privacy bill, we do know that we have to honor the state-level laws already in place. Getting started requires understanding of a few fundamental components.

First, understand compliance requirements. In some states, businesses that collect fewer than 50,000 audience records per year or generate less than $25M in revenue will be exempt in ways that larger businesses will not. But regardless of your exempt status, it’s worth taking the time to think about how you want to position your brand long-term: What would it mean to your audience to know that you value their right to privacy? Are there gains to be realized by you embracing privacy compliance even if you’re not required to? This is a strategy conversation worth having.

Second, evaluate your privacy policy to ensure you’re properly making your audience aware of how you ingest and share their data. If you’re utilizing even basic external services – like social media – you’re engaging third parties in your business practices. If you upload your audience’s email addresses to use paid advertising or send mass marketing email, you’re sharing your audience’s data externally. Similarly, if you use Google Analytics on your site, you’re giving Google permission to access your site visitors’ information – which Google then owns and can use for its own purposes. You’re responsible for ensuring your audience knows that and that they’ve been given the opportunity to opt out of sharing their data via your site.

Third, know what information qualifies as Personally Identifiable Information (PII), because it’s the information you’re charged with protecting on behalf of your audience. It includes any information that directly identifies an individual, like name, address, social security number, telephone number, and email address. Be thoughtful about what information you actually need from your audience and weigh whether the reward for obtaining it outweighs the risk that comes with caring for it.

As a business owner, keep your eyes on what’s changing from a legal perspective – but also keep a pulse on what your audience cares about. If you wouldn’t share your data in the ways you’re asking your customers to, it’s worth taking a second look at your strategy and evaluating whether there’s a better way of doing business.