Big Data Created One Heck of A Big Problem

What happened between the time Big Data was fashionable and the latest in Privacy regulation?

In 2013 I had the honor of speaking as a part of a panel at the ARDA convention. The panel topic was one of the hottest in the world of marketing – Big Data. Specifically, the panel was designed to address how to use existing data to better increase customer engagement, what are the best practices in data collection, storage, and security, and – at the end of the day – how to enhance the customer experience to the point of gaining severe loyalty. The presentation focused the audience on the following primary questions:

1. What is Big Data and why is Big Data such a hot topic across all industries?
   • For the record, according to Wikipedia – Big data is a field that treats ways to analyze, systematically extract information from, or otherwise, deal with data sets that are too large or complex to be dealt with by traditional data-processing application software.
2. What are some ‘worst practices’ we should keep in mind as it relates to using data?
   

Much of the answers to these questions centered around the technology needed to capture and manage the information. In fact, many companies had already begun the process of figuring it all out. As different ways of collecting data were being adopted, management of the data became much more paramount.’

Then, as smart marketers, we began to develop our own strategies and – like many instances where we have solutions – we created fatigue.

Big Data and the related elements were the rages – the talk of the town. We all know the amount of data exhaust our customers left behind includes mountains of personally identifiable information (PII). With that information, we could target our messaging to the point that no-nit was too small to pick.
What has happened since then is the result of those pesky ‘worst practices.’ Those tactics have created so much data exhaust, that they fashioned fatigue around consumers… fatigue so prevalent that regulations were created as a natural by-product.

The European Union’s General Data Protection Regulation (EU) 2016/679 (GDPR) piqued my interest in 2015 when it popped up on my radar. As a result of this landmark legislation, a path was emerging dealing with data privacy.

In what data analysis and survey firms commonly rely upon, l “poor man’s research” will give you enough information to start looking for patterns. I have been conducting poor man’s research and find that, after six (6) years, 100% of the people I spoke with answered my question the same way.

“Do you prefer or not prefer that I invade your privacy”? I am certain you can surmise the answer. Please call me if you cannot, I am happy to help.

Simply put, GDPR gives an EU citizen the right to ask what is being done with their data along with the ability to request any PII be removed from your system. Every step in the journey is culpable. From the company collecting information to that which is using the information. The provider to the user. And, just to head off the “I don’t do business in the EU” retort, believe me, they will still fine you (a lot!) for any violation and you will not want to do business in the EU again.

The issue has now expanded to a much more onerous set of regulations found it the California Consumer Privacy Act of 2018 (now the CCPA of 2020). It went into effect and has some real teeth. Simply put, if you are going to sell the information about a consumer – for any reason – you are obligated to tell them.

In both cases, this article has barely scratched the surface of what is covered. Each time a new law is passed, a new set of regulations is created. For example, Virginia just passed their own version of a privacy law and presently in the process of determining the regulations that will satisfy the intent of its legislature.

And, there is more – more – more. 47 states are currently working on their own legislation to regulate what you do with the consumer data you collect.
CustomerCount – a data analysis and survey firm – routinely deploys several million surveys per year. It seems counter intuitive to remove data from a survey system, but CustomerCount must comply with all requests for privacy, since it is a data “provider”. Your survey company must comply to each such privacy request!

Shades of Do Not Call? You bet it is. 51 different sets of regulations to deal with in the United States alone…and still counting.

The Enterprise Communications Advocacy Coalition (ECAC) is a group of marketing communications companies, formed to make certain Congress and the FCC/CTC understand industry concerns. ECAC has delivered its policy requirement on the need for a single uniform consumer privacy law to appropriate members of Congress. (Disclosure – I am a member of its Board of Directors).

Keep in mind the California and Virginia legislatures recently enacted strong statutes seeking to protect the privacy of consumers’ PII and vesting consumers with control over how their personal information is used and shared. ECAC applauds their efforts as we all should.

Who does not agree with privacy protection?

(As I write this, I am interrupted by a phone call soliciting information about my business and its shipping needs. Let’s assume that this was a legitimate call in that it really came from my shipper. It had an 800-number caller ID so there was no way to validate the source of the call. Why is that important? Because they would like to have the information – but there was no trust factor. And, they probably have a need to talk to me from time to time.)

So, for example, if you currently operate an inbound customer service contact center (reservations for instance), you are not exempt from the new privacy laws and regulations that are coming your way.

Stuart Discount of SMD Contact Center Consulting advises, “Inbound customer service contact centers were immune mostly from do not call regulations. Welcome to a patch work of state data privacy regulations that are different in scope and enforcement. Some including CCPA have a private right of action, where consumers can sue those who do not adhere to regulations or just make an honest mistake”.

He adds, “These actions can grow into multi-million-dollar class action lawsuits similar to what has happened with TCPA laws. Every contact center must take these rules seriously and obtain professional advice on how to comply. I suggest that you join efforts such as the ECAC’s to talk to elected officials about the adoption of one federal set of data privacy laws. It will be far better for your business.”

SOLUTIONS

• Let’s break some of this down – General rules of Privacy Compliance
• Appoint a dedicated privacy professional as a part of your EX team
• Look for and retain a compliance consultant or qualified attorney (specialist, not generalist)
• Determine consumer communication preference
• Gain consent
• Measure and respect your customer’s trust
• Be certain you IT group and/or data management groups AND systems are fully informed and compliantly capable

I will be working on Capitol Hill to try to get all of this boiled down to a single set of intelligent regulations. In the meantime, it will help the cause if your organization would start the internal processes necessary to get into compliance with GDPR, CCPA and the very soon to be Virginia Consumer Data Protection Act (“VCDPA”), passed in March, 2021 and currently being defined by its Attorney General.

Privacy regulation is not in the future – it is here and it is serious and it commands attention.

Bob Kobek is the President of Mobius Vendor Partners, a business process management and consulting firm, and CustomerCount, an online survey system serving the hospitality community. Kobek is a veteran of Capitol Hill and has worked on Federal and State communication issues in his many roles for various trade associations and business coalitions. He can be reached at bobkobek@mobiusvp.com.