As compliance laws get stricter and data breaches become more common, the methods companies use to obtain consumer data for their business purposes are under more scrutiny than ever before.
Privacy laws would have consumers believe that every organization is committed to collecting data in purely ethical ways. But some companies are now admitting to having questionable data collection practices: According to a recent survey from KPMG, nearly 30 percent of executives admitted that the way their companies collect personal data is “sometimes unethical.” Further, 33 percent said consumers should be concerned about how their company uses personal data.
Unethical data collection will have big consequences down the road and could eventually lead to data laundering—if it hasn’t gotten to that point already. Data laundering is like money laundering: It involves obtaining data illegally and then running it through a legitimate business to make it seem authentic and legally obtained. Companies might use this type of practice to get around data compliance regulations, especially as new technologies emerge to collect and leverage data. Or, companies might be completely unaware that they are buying illegally obtained data. This could eventually lead to costly lawsuits and poor results down the road if leaders make business decisions based on what they don’t know is inaccurate data.
Knocking Out Unethical Data Collection
The California Consumer Privacy Act (CCPA)—the first statewide privacy regulation that passed in the US—includes safeguards to protect against data laundering. Companies are obligated to inform consumers where they got the data from any time a consumer makes an inquiry. This not only gives consumers additional rights and insight on how their data is being used, but also makes organizations more aware of their data sources.
Enforcing this rule, however, is another story. While current state privacy laws are loosely modeled after the General Data Protection Regulation (GDPR), they are lacking a few key things to enforce these laws. The GDPR includes the Data Protection Authorities, a separate committee whose job it is to assess companies that have complaints against them—and then fine them if appropriate. This contrasts with the US, where the Attorney General’s (AG) office is named as the body in charge. You can imagine how busy the AG already is, which means data privacy enforcement could end up on the backburner.
Passing a federal law might alleviate this problem, because it would likely come with a separate committee committed to enforcing privacy regulations, like the one GDPR has. But for now, the AG is the only enforcer. In the meantime, unethical data collection only serves to erode consumer trust.
Building Consumer Trust
Consumer mistrust can be detrimental to a company. And, when it comes to data privacy and security, consumers are already skeptical of what companies are doing behind the scenes with their data. The same KPMG survey asked consumers about this topic and found that 40 percent of respondents didn’t trust companies to behave ethically with their personal information. This is quite shocking, as it could forecast how consumers vote on privacy laws in the future and how vocal they might choose to be regarding what enterprises can and cannot use their data for.
Lastly, the survey also found that 70 percent of executives said their companies have increased the amount of personal information they collected in the past year. This is likely due to companies continuing to collect and use a large amount of data for things like artificial intelligence (AI) capabilities and to personalize their offerings. Responsible data collection would ensure these goals remain ethical and effective.
In the future, consumers may choose to become more involved regarding what data they want to provide, how long it will be stored, and more. Recently passed state privacy laws are starting to give consumers more of a voice in this department, including the Right to Restriction, which supports consumers’ ability to tell a business they cannot share or sell their data to third parties. These new laws also allow consumers to opt out of a company using their data for advertising and storage purposes, among other things.
Meeting Clean Data Standards with PKWARE
Whether you’re cleaning data out after uncovering unethical data gathering practices or responding to a consumer’s Right to Restriction regarding their personal data in your systems, it’s important to have a solution that can find all that data, no matter where it is stored across the enterprise, from databases to endpoints, on-prem and in the cloud. PK Protect is purpose built to help businesses locate, protect, and even delete private and sensitive data, empowering compliance with regulations such as GDPR, CCPA, and more, as well as maintaining consumer trust regarding how you collect, store, and share their personal data.
Make sure you know where your data is—and where it came from—with the help of PK Protect. See how our solutions work on your data by requesting your free personalized demo.