Companies in 2020 must comply with more data privacy laws than ever before. Effective on January 1, the California Consumer Privacy Act (CCPA) contains the most complex data privacy compliance requirements in U.S. history. Some other states have their own requirements, and more states are following suit; many are considering data protection laws while their legislatures are in session.

Compliance with the CCPA and other relevant privacy laws and industry standards involves much more than a brief privacy law update and presents multiple opportunities for customer engagement. Consider using those opportunities to enhance your relationship with your customers. How companies handle consumer data has already become one way in which consumers evaluate whether to do or continue doing business with a particular company. Poorly handled data privacy issues quickly create negative customer experiences, online reviews, and bad press. Differentiate your company by handling customer data — and customer relationships — with intentionality and care.

Here are some ideas to turn data privacy law compliance into a positive user experience:

• In privacy policies, privacy statements, and terms of use for websites, use engaging language that shows how your company values its customers. Demonstrate that the company sees the value in the customer’s data and in the way the customer wants his or her data used and protected.
• Ensure that you are not saying too much in your privacy policies and privacy statements. Many companies say more than the law requires, which can be alienating and confusing to consumers and may unnecessarily bind your company to actions that are not legally mandated and that are unnecessary.
• Consider that how you treat your employees’ personal information also creates a user experience — and your own employees can be your best (or worst) ambassadors.
• Ensure that when your customers interact with your third-party business partners, it’s clear which company’s privacy policies govern.
• Don’t bury consumer privacy information on your website.
• Minimize the hoops that the customer must jump through to enforce his or her rights under the law.
• Swiftly respond to consumer requests regarding their data, not just within the time that the law mandates.

Here are some ideas to prepare your company to take advantage of these types of opportunities:

• Audit the language in your privacy policies, privacy statements, and terms of use, not just for legal requirements, but also for general tone. Consider whether they are easy to understand.
• Carefully consider how you use your customers’ data. Do you need to use or retain individual data, or will anonymized or aggregated data points suffice? Use what you need (with appropriate consents) and not more.
• Have a comprehensive plan in place to respond to a potential data breach. Be ready to address all areas of your business – information technology, financial, legal, human resources, and public relations.
• Hold “war games” or “table talks” to simulate a data breach scenario. Reality-test your company’s ability to respond in a manner that follows the law and engenders trust.
• Train staff to not just mechanically handle consumer requests, but to approach consumer interactions with empathy and care.
• Make ongoing privacy compliance and customer care a part of your company’s culture, rather than a “check-the-box” requirement.

Data privacy compliance likely will become more, not less, complicated. As you ramp up or update your privacy positioning for 2020, do so in a way that creates an even stronger bond with your customers.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.