Last week I suggested companies could take advantage of new privacy laws to create a competitive edge. It didn’t take long for one of my colleagues to say that while I had made it clear “why” this was the case, there wasn’t much to be found on “how” it could happen.
Here is the key paragraph: “The value of thinking about these new laws as not just a drag on commerce is that almost every country on the planet has or is planning privacy legislation of its own. Many will be based on the form and focus of the European law and the first companies to move as quickly will have a chance to create generational market advantage.”
It boils down to the fact that the new laws are comprehensive, but almost every requirement creates an opportunity for a few who see compliance as permission to engage.
Here are some examples:
The European law requires companies to designate a data protection officer. Such an appointment is intended to lead to better internal policies, practices and procedures (and be “one neck to wring” when problems arise). That’s the compliance part. That corporate officer can also be the public face of the commitment. Every new, not fully understood yet, publicly impactful business development becomes an opportunity to explain it and thereby enhance reputation.
The right data protection officer can speak to the issue overall (educating the market), the actions of the company (reinforcing consumers’ choice) and the value of the practice (how collecting data links directly to better products and service).
The California Consumer Privacy Act requires companies to offer two ways by which consumers can make contact. It assumes people will have questions and, as the law allows, want to know what information these companies have collected.
Having cataloged the information, created the buttons for consumers to push and mandated a time-frame by which the requests must be answered, why sit and wait by the phone? There is real market power in not waiting to be asked but to offer.
The recent move by Microsoft to build a privacy dashboard for customers who can then access and edit/delete information collected, essentially extends rights under the European law to citizens elsewhere. This is just the kind of offer that accrues to a company’s reputation.
It shouldn’t be long before another privacy-forward thinking company moves the offer from an accessible dashboard to active engagement. Using the permission granted by a first-party relationship (an, “I know you, you know me” kind of thing) pushing out at least the availability of an analysis of data held. Seeing the origin and use of data would help create confidence in privacy compliance and perhaps, drive deeper customer loyalty.
Consider how a visual representation of “My data” in the form of an “Ancestry Composition” chart from companies like 23andMe.com would provoke unexpected, informative and anxiety-reducing reactions.
Finally, the new laws require more than new talent, they require new training. The good news is that compliance is not a secret sauce, it is table stakes. The way companies play their hands is what will make them valuable beyond compliance.
At a minimum, all the new policies, practices and procedures will need to be rolled out company-wide. But with only incremental, additional effort, training can be made publicly valuable. Think first of providing guidance along the supply chain (contributing the insight of experience or even the development of a new service). Then think of the need industry-wide (from advocacy to certification). Then think of how to measure possible new market reach thanks to new privacy laws and regulations.
These are just three of the requirements of the European and California laws that are not just something to be done, but a jumping off point for things that can be done. In fact, there are a host of new marketing initiatives that extend far beyond this short list.
