On January 1, 2025, major data-privacy laws took effect in Delaware, Iowa, Nebraska, New Hampshire and New Jersey, following another in Texas and preceding yet another in Tennessee. These are merely the latest in a series of regulations that have been accumulating for decades, and that reflect a resounding consensus throughout the United States and beyond: people should have a say in how their information is collected, used and distributed. For many marketers, this means change.
Making personal connections with consumers is just good business. Doing so at the expense of basic privacy, however, is decidedly not good business. Even in regions where data privacy is not yet extensively regulated, marketers who instead build their systems to serve both the consumer and the company will earn the goodwill of their customers while preparing their business for regulations yet to come. Below are four actionable steps marketers can take to do just that.
1. Reassess Data Collection
For many years, accessible data was seen as usable data. Companies freely collected, used, sold and bought consumers’ information to construct targetable profiles—often without their knowledge. This is no longer an option. Many regions now require explicit consent for data collection and processing, and marketers will need to reassess their data collection systems as a result.
To begin with, existing data collection practices must be audited to eliminate any that are excessive, noncompliant or potentially unethical. Marketers can then begin to build a progressive profiling system. Such a system should only collect case-relevant data which consumers are explicitly willing to disclose. This will require marketers to incorporate value propositions that encourage buy-in from prospects, as well as assurance that their data will not be misused. All data collection points should be regularly reviewed and extensively documented to protect against potential litigation
Marketers who do this the right way will not only steer clear of legal trouble, but will enjoy the competitive advantage of having more ethical and efficient data collection. Consumers do not remember invasively-targeted communications fondly. They do, however, feel respected by requests for their consent. Limiting data collection to only the most relevant data will also make for a more effective and focused customer experience.
2. Reevaluate the Tech Stack
Data collection is one matter; use is another. Many regulations are now scrutinizing sales and marketing technologies to ensure security and consent. CRMs that automatically track, analyze and profile consumers must meet rigorous standards in many cases. Older automations which were not designed with privacy in mind will therefore need to be reevaluated to meet and, ideally, exceed the expectations of the law.
The primary concern, both ethically and legally, is the security of consumer data. All information that the prospect or customer has willingly provided must be stored and handled with care to avoid leaks of any sort. Next, the CRM must be audited to ensure that all analysis is relevant, necessary and compliant with local regulation. All automated, targeted marketing efforts must provide opt-out functionality. Sales and marketing teams should be trained to maintain these standards going forward.
As before, ethical practices will more than make up in quality for what they sacrifice in quantity. Reputation goes a long way, and sales prospects will be far more eager to do business with companies that offer them a choice in the use of their data. Data leaks are also a major reputational liability—not to mention the potentially devastating effects on consumers themselves—that all marketing departments will do well to negate.
3. Establish a Transparency Policy
Both the public and the law now operate under the assumption that companies are dealing furtively with consumer data. This is for good reason; years of abuse and a total lack of clarity from some of the world’s largest companies have left the public wary. New regulations are therefore requiring unambiguous reports on customer records and data usage. Privacy policies are falling under close inspection, and users want to know what happens to their information.
The first step is updating the privacy policy. The policy should be written in clear terms that are in line with legal requirements and readable to the general public. Data uses should be plainly enumerated and explained. The user should have full understanding prior to consent, rather than giving uninformed consent and being unpleasantly surprised later in their journey. Marketers should then regularly update consumers about their data usage. This reassures consumers that the company has their best interest at heart and protects either party from misunderstandings.
By adopting a policy of transparency, marketers can build stronger relationships with their customers. They will garner a reputation for trustworthiness and establish themselves as a market leader in the public eye. This status—combined with freedom from legal concerns—will gain favor with investors, reduce risk and drive new business.
4. Bottom Line
Concerns over data privacy have been brewing for a long while. The major regulations which have recently come into effect, and which will only increase as time goes on, should therefore serve as a sign to marketers that it’s time to sail with the wind. By choosing to embrace the move toward security, transparency and consent, marketers can position their companies for the future rather than the past. And, in doing so, they may just find themselves doing better business than ever before.
Angela Hill is Area Managing Partner, CMO & CSO at Chief Outsiders.
Network
