While the U.S. does not have one federal law that regulates the protection of personally identifiable information (PII), PII is protected by several sector-specific laws. The major players are the Federal Trade Commission Act (FTC Act), the Telephone Consumer Protection Act (TCPA), the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), and the EU’s General Data Protection Regulation (GDPR). These are just some examples of laws that apply to customer protection, financial institutions, telemarketing, commercial emails, and European markets.
While there is much to consider, businesses in the U.S. can be data compliant by fulfilling the requirements of the GDPR, understanding state-specific regulations, creating a comprehensive and detailed privacy policy, and employing data encryption and security. Please find more detail on how to be a “smart marketer” below (including bonus tips!).