Momentum is building for national data privacy regulations.
Even if Congress doesn’t enact specific legislation soon, online privacy and data security has already become a leading public relations issue. Companies that violate privacy agreements or mishandle personal data may find themselves in a devastating PR crisis—and in today’s digital environment, almost all organizations collect personal data.
Information technology and legal departments are at the forefront of corporate efforts to protect consumer data, but communicators must gain expertise in data privacy since the issue directly affects corporate reputation and trust.
Stringent data collection laws may also eventually impact PR measurement. If laws restrict social media networks and other technology firms from collecting data, PR professionals may have less data to analyze.
Federal Privacy Act in the works
If passed, the Consumer Online Privacy Rights Act drafted by Sen. Maria Cantwell (D-Wash.) would provide the first nationwide bulwark for online privacy regulation. The bill establishes strict standards for the collection, use, sharing and protection of consumer data, and penalizes companies that fail to uphold its standards. To enforce rules, it would establish a new bureau within the Federal Trade Commission. It also permits consumer lawsuits against violators.
“In the growing online world, consumers deserve two things: privacy rights and a strong law to enforce them,” Cantwell stated in a press release. “They should be like your Miranda rights—clear as a bell as to what they are and what constitutes a violation.”
It’s not a matter of if, but when, more stringent data privacy laws are coming, and savvy communicators must prepare their organizations accordingly.
A patchwork of privacy rules
California enacted legislation that, effective, Jan. 1, 2020, grants consumers significant control of online data that companies collect. The law affects companies nationwide, as it applies to all that do business in the state or collect data from residents.
Cantwell’s bill would leave California’s law intact and let other states pass their own privacy rules. That raises the possibility of a patchwork of 50 different state regulations—in addition to national standards and the European Union’s General Data Protection Regulation. Bills are already moving through other state legislatures, which means compliance in one state doesn’t guarantee good standing in another.
Legal experts recommend focusing on the most stringent rules first, then working back from there, in order to handle multiple regulations in different jurisdictions.
Recommendations for communication pros
“Now, nearly every industry represents a technological venture in which consumer data serves as currency, either literally or figuratively,” warns Ben Billingsley, founder of Broadsheet Communications, in Forbes. “That means no matter which industry you serve, it’s incumbent upon you to understand the intricacies of consumer privacy legislation and company policies, as well as the general and specific risks that your clients face — and to be able to properly advise them.”
Billingsley offers more recommendations for PR pros:
- Understand what kind of data your clients—all of your clients—manage.
- Incorporate data and privacy risk assessments into onboarding and client check-in protocols.
- Fight for input into data collection and security policies in order to help shape policies.
To stay relevant—and to secure a more influential seat at the corporate table—comms pros must master new data collection regulations. Consumers are (rightfully) warier about their personal data than ever, and legislators at the state and federal levels are passing online privacy laws to meet the outcry. Those who ignore this crucial trend are bound to end up on the wrong side of a reputational nightmare.
A version of this post first ran on the Glean.info blog.