How to prepare for the new state privacy laws in 2023
Since the California Consumer Privacy Act was passed in 2018, multiple states announced their intentions to launch their own comprehensive privacy bills.
Nevada’s Senate Bill 220 Online Privacy Law and the Maine Privacy Act soon followed the CCPA, and as it stands, there are three new privacy laws set to come into effect in 2023 (California's CPRA, Virginia's VCDPA, and Colorado's CPA). It's not a question of whether more states will follow suit, but when.
While 2023 may seem like a long way off, it will come around quicker than you think. It is never too early to prepare - particularly when it comes to updating your data privacy processes to remain compliant. You definitely don't want to be at risk of regulatory action, while the country, and the rest of the world, are introducing and tightening laws on data privacy.
In the lead-up to the new state privacy laws, which will be effective in just 11 months, the IAPP (International Association of Privacy Professionals) suggests brands & website owners pay particular attention to the removal of cookies and Adtech strategies.
In this blog, you’ll find five tasks that market leaders can do to prepare ahead of time for the new privacy laws, so you don’t run into problems down the road. We’ll also give you the solution to your data privacy needs, so you can spend less time worrying about data breaches and more time on business growth.
1. Revisit your opt out strategy
There’s nothing worse than being bombarded with content from a company you don’t have any interest in, and not knowing how to opt out. Simplicity and transparency are your best friends when it comes to consumers and their data.
Take the time to thoroughly assess your opt out strategy from your consumer’s point of view, and ask yourself these questions:
- Is it easy to understand?
- Is it easy to use should someone want to opt-out?
- Does it cover all the ways you collect and use data?
- Does it actually work? (Very important!)
Boltive Privacy Guard™ audits your data for prohibited retargeting, unauthorized data collection, and failed consent strings to verify that your Consent Management Platform handles your opt-outs properly, and consent strings are sent to partners.
2. Review your data partners
You may know you’re doing everything to safeguard your data in-house, but can you say the same thing about your data partners? It’s vital that you understand how your partners approach data privacy and, if necessary, switch to a partner who takes compliance and security as seriously as you do.
When reviewing your partners, check that your data protection agreements are clear, and find out if they protect you in the event of a data breach due to their lax practices. Don’t forget to also take stock of who your partners are working with to ensure your data is not sent somewhere it’s not supposed to be.
Boltive Privacy Guard™ makes this easy too, as you can audit your partners for consumer opt-out compliance, no matter how far stream your data goes. That way, you know you're keeping your consumer's data from being misused, as well as keeping yourself from regulatory action as a result of another company's actions.
3. Make sure your team are all on the same page
First things first - get close to your privacy team/person (and if you don’t have one…you know what your first task is!). Keeping this line of communication open is critical to your success. They know the ins and outs of your privacy processes - as well as the jargon - and can help your teams balance risk management with appropriate use of data to fuel your business.
An efficient and simple way to assess risk and opportunity both in-the-moment and long-term is using a company-wide tool that helps you stop the bad stuff in its tracks, while helping you navigate the ever-changing world of advertising. Privacy Guard™ does both!
Our synthetic user personas browse the open web like your consumers, sending thousands of data points to your dashboard and flagging breaches. When it comes to deciding how to tackle a cookie-less future. You can compare emerging audience targeting solutions (such as Unified 2.0 and Google Privacy Sandbox) head to head to find out which is best for you. Your teams, and your privacy team, will thank you!
4. Put everything in writing
If you haven’t already, document your privacy program. And if you have, review it to make sure it’s up to date. Come up with data backed, well-thought through privacy strategies, and share this document with staff, partners, and stakeholders to improve alignment and drive business results.
You wouldn’t expect your team to understand your entire advertising strategy without easily accessible processes, documentation, and reporting, would you? As we mentioned earlier, transparency is key. If your team doesn't fully understand your data privacy program and goals, how are they to join together in one united effort?
5. Regular auditing
You shouldn’t take a “once and done” approach to your data privacy program. As we’re seeing with the new legislation coming our way, it is an evolving landscape that you need to stay on top of.
According to Statistica, the majority of people in America are at least a little worried about their personal data being collected online, with only 17% saying they weren't worried at all. Regular auditing is needed to ensure that you are compliant and your consumers' data remains safe, even when it crosses hands.
We mentioned earlier that you should review your data partners. But do you have a way to verify that your partners actually do what they say with your data? To do this, you need data points that identify unauthorized sharing. When you gather these, you can stop it and get accountability from those partners if something goes wrong.
The Boltive Risk Index (BRI™), a feature of Privacy Guard™, quantifies your exposure by scoring your ads, partners, data collectors, and user segments to show if your partners' data practices are violative and putting you at risk of regulatory action.
Prepare for the new state privacy laws with Boltive Privacy Guard™
Let us stay on top of ongoing privacy changes, so you don’t have to. Privacy Guard™ keeps your data safe inside and outside your enterprise, so you can stop worrying about regulatory action, reputation damage, and business disruption.
Created with the co-author of CCPA and legal experts, this is the first tool to simulate consumers’ web journeys, verify that consent management works, and ensure that your data isn’t sold or shared unlawfully.
Our patented technology is a codeless solution, which means no system integration is required. It’s easy to add to your current tools without adding weight to your site or ads. Just set up your personas and run.