Don’t get caught short because you think that compliance with privacy regulations doesn’t apply to you! While legislation and enforcement were a bit slower in 2020, it looks like 2021 will be a cavalcade of compliance changes that everyone should be following. As an in-plant, you may think that the compliance issues are for folks elsewhere in the organization to track, but take some time to be aware so you aren’t surprised if you are asked to change processes!
Understanding Compliance Basics
Compliance refers to the things an organization does to ensure that all rules, regulations, and laws that apply to the business are followed. The requirements of compliance include safeguarding all personal data, but that is just the beginning. In health care there are HIPAA regulations, and in financial services there are Gramm-Leach-Bliley (GLB) regulations. They add levels of security and auditing to ensure personal data isn’t casually accessible. Some companies think that if they meet those requirements they are compliant with all laws, but in the growing world of privacy regulation, that isn’t necessarily true!
Compliance requirements cover how you use data and how you can share data with partners, sell lists to list brokers, or even co-brand with other organizations. If your website collects IP addresses or internet cookies to allow digital storefronts to populate customer information, how that data is managed is the subject of compliance laws.
The take-away is that if you collect and hold any data, compliance is your responsibility. It does not matter if the data concerns your in-plant stakeholders or the people they communicate with through your services. You are responsible for the data. Here is why that is important!
What’s New for 2021
The California Consumer Privacy Act (CCPA) went into full force in 2020. While there are legal challenges, there are also lawsuits that have been accepted by the courts where people who do not live in California are suing over the use of their data. This means that no matter where you are, if the data you use has ever touched California you could have some legal risk if the data is used in a way that a person objects to. The courts have held that name and address data is owned by the addressee, opening the door to these types of lawsuits.
And, it’s about to get more interesting on several fronts. California is moving toward updated legislation, the California Privacy Rights Act (CPRA), that adds even more regulation to how data can be used. A dozen other states are also in the mix. Some have already enacted legislation while others are expected to bring legislation to the table this year. Some look remarkably like CCPA, while others were written from scratch. And there is interest in Congress in creating federal privacy legislation, too!
If your in-plant mails only inside your state and you have opt-ins recorded for all of the addressees, pay close attention to what is happening in your state legislature.
If your in-plant mails nationally, you have a bigger challenge. As each state makes decisions about what privacy rights they want to manage, how they want to manage them, and what the responsibilities of the mailer might be, you may find that there are conflicts.
Whether you are a large organization or a small one, someone should be managing compliance requirements and communicating changes to the print shop so that everyone is educated and clear on obligations. For example, if someone opts out of solicitation mailing for a university, and that information isn’t communicated to the print shop before the next mailing, there could be a liability problem. If you are using programs to scan customer communication to build personalized responses, have your risk management team look at how you use the data to ensure you aren’t running afoul of existing or pending legislation.
Full disclosure! I am not a lawyer. I don’t even play one on TV. This is a beat I cover and I have had great help from my lawyer in tracking compliance legislation. In all cases, talk to your risk management, compliance, and legal teams to ensure that you are doing all you can to remain compliant in our ever-changing world!
Questions? Drop me a ping on LinkedIn or drop me a note at [email protected]!
Pat McGrew helps companies perform better in the print hardware, software and printing services industries. Promoting Best Practices for your Business, Pat leverages years of working as an executive, marketer, analyst, industry evangelist and consultant to enable business growth. She covers workflow and bizflow effectiveness, management and messaging for products, services, and businesses.
From owning a software company to serving the market, her experience spans all customer communication channels (CCM, ECM, ECP, EMM) and segments: transaction, data-driven and static marketing, packaging and label print, textiles, and production commercial print using offset, inkjet, and toner.
An experienced professional speaker and co-author of 8 industry books, editor of A Guide to the Electronic Document Body of Knowledge, regular writer in the industry trade press, podcaster and host of #PrintSampleTV, Pat won the 2014 #GirlsWhoPrint Girlie Award for dedication to education and communication in the industry, and the 2016 Brian Platte Lifetime Achievement Award from Xplor International. She is certified as a Master Electronic Document Professional by Xplor (lifetime status), and as a Color Management Professional (CMP), CMP Digital, and BrandQ Professional by IDEAlliance. Find Pat on Twitter as @PatMcGrew and on LinkedIn.