While the U.S. does not have one federal law that regulates the protection of personally identifiable information (PII), PII is protected by several sector-specific laws. The major players are the Federal Trade Commission Act (FTC Act), the Telephone Consumer Protection Act (TCPA), the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), and the EU’s General Data Protection Regulation (GDPR). These are just some examples of laws that apply to customer protection, financial institutions, telemarketing, commercial emails, and European markets.
Comply with GDPR. For a U.S.-based business to comply, the organization must do so under one of the following legal grounds outlined by the GDPR. While a business usually has a legitimate interest in processing personal data, obtaining the subject’s consent is the easiest way to ensure compliance in the U.S. It is helpful to know that the fundamental rights and freedoms of the person always override the company’s interests, especially if it’s a child’s data.
Tip: You should make it easy for individuals or visitors to revoke consent at any time.
Be Familiar with State-Specific Laws. While there is no singular federal law on data compliance, several states in the U.S. have created laws to ensure regional protection. Here is a summary of some important state-specific data compliance laws:
Image sources: Varonis
Tip: Please note that a state’s data compliance law does not just affect businesses in the state, but also affects businesses that deal with its residents.
Tip: We highly recommend that businesses serving California residents include a DNT disclosure in their privacy policies.
Employ Security and Encryption Processes. Businesses need to enforce safety measures right now that will prevent unauthorized access to or theft of PII data offered by a client. We recommend that staff with data access be trained on sensitive data handling, security, and protocols. A background check is also required. If a breach occurs, it is important to communicate it to the individual as soon as possible; doing so demonstrates a business’s transparency, which ultimately aids branding efforts.
Tip: Incorporating the above best practices will more effectively protect a business if there is a data breach. Your business is less likely to face penalties as the offenders will not be able to easily decipher the encrypted text.
We understand that being a smart marketer in 2021 can be overwhelming. Our goal is to help drive your success. From data compliance to keeping privacy at the forefront of your omnichannel strategy, we are here to help.
Senior Vice President – Data & Analytics
Research provided by Ask Wonder. Additional sources include Thomson Reuters, Iubenda, Varonis, and Kaspersky.