Privacy Best Practices

Do you want to improve your PrivacyGrade? Here are the best practices we recommend you implement.

Our research shows that companies who follow consumer data rights regulations benefit from 10-15% longer consumer engagement on their website, and their visitors are 10% more likely to click to other pages when compared to websites that are not granting consumers control of their personal data.

Build trust by honoring your users’ privacy, and you’ll increase engagement, return visits, and revenue.

Centralize data governance so all systems implement and respect same rules

There are so many different systems that collect or contain data from different sources, partners and employees, all seeking to access and use the data for different purposes. It can be a Wild Wild West of competing priorities, disparate systems, and careless players taking liberties. So companies first must make sure these systems all abide by the big rules of play.

A privacy signal is no good unless it's received and acted upon, not just in a single system, but in every connected system. The policies for handling privacy signals need to be declared in a central command center. You need to sleep at night with the confidence that those policies are propagated and enforced everywhere your data flows.

Offer transparency and ease-of-use to empower your consumers.

Honor the data dignity of consumers by granting them control. Show consumers where their data is stored, how it is used now and will be used moving forward. This is done by delivering intelligent consumer privacy experiences that respectfully engage consumers.

We all know the web’s dreary banners that ask us to accept a company’s use of data. That’s happening because regulations tell us to do that - but how is that a good user experience? Innovative companies are winning the Data Rights Revolution by showing that they’re good stewards of consumer data.

Begin by recognizing that consent banners on web pages aren’t enough. What happens if a consumer accesses your site through a different channel and different device? They should have a seamless, interactive, intelligent mechanism that serves up the right privacy experiences at the right time, in the right place. Not “log in here on your iPhone, over here again on your desktop, wait wait, just one more time on your iPad." They also recognize that when a consumer wants their data back, these businesses can respond swiftly because they understand everything about where it is and how it’s used.

All this needs to happen at a granular level--e.g., your consumer might be comfortable with their data being used for analytics, but not for targeting. Gain a competitive edge by obtaining consent so you can continue using data to drive your business forward while cultivating  consumer trust.
Creating this next-level type of consumer experience is like splitting the atom: It's hard, but getting it right unlocks massive energy and value for businesses and their consumers.

Enact privacy signals throughout all internal and external systems

Finally, and most importantly, offer more than just consumer control and compliance. Recognize that when a consumer asks for their data to be deleted, they expect you to make it so. They don’t want you to record the request, and likely forget it.

Meaning: You should propagate that consumer’s deletion request across all internal systems, and orchestrate all of the data processing that’s underway (in systems for demand fulfillment, analytics, recommendations, billing, etc.) without so much as a hiccup or a stutter step.

But wait, it gets even more complicated than that. According to regulations like GDPR and CCPA, you need to propagate that request to all of your partner systems (for instance, service providers you use for things like email, text messaging, commerce, etc.), and those downstream partners are legally required to catch and enact the request as well. Recognize that data governance isn’t just something you have to get right within the four walls of your own business; it’s something you have to enact across your entire ecosystem.

Honor the data dignity of your customers while also preserving and unlocking its power for your core operations and competitive initiatives. By doing this, your business will be equipped for success in this evolving data rights landscape. Yes, this is hard, but you don’t have to go it alone. Learn more