When it comes to companies who procure personal data, there is a fine line between being proactive and being predatory. But what if sharing data could be a truly simple experience: useful, clear, perhaps even enjoyable? In this SMPL Q&A, we talk to strategist Christine Lim about how data transparency can lead to brand simplicity and greater consumer trust.

What is The California Consumer Privacy Act?

Currently, when a data or privacy breach happens to a company in the United States, there is no legal protocol in place for how to handle the crisis. To what extent are companies liable? Moreover, how can consumers better protect themselves in the future? When the average person downloads a new app or starts a new online account, they probably click “agree” without ever reading the privacy policy. However, recent catastrophes such as the Facebook-Cambridge Analytica data scandal and the Marriott data breach have raised interest (and concern) regarding how consumers can better understand, protect and control how their online data is used.

The California Consumer Privacy Act (CCPA) offers Californians important new consumer privacy rights to regain control of their personal information that companies (even those based in other states) collect. The CCPA holds companies accountable for data misuse, which could include collecting without permission, sharing with third-parties or not keeping data “reasonably secure.” When the bill takes effect in 2020, it will be the first of its kind in the United States.

Why do companies even track and keep data?

Data misuse is a severe problem, but at its heart, data is meant to create a mutually beneficial relationship between companies and customers. In exchange, companies offer products or services that produce value for its users.

In the best-case scenarios, the benefit is clear. With Spotify, each track that you add to a playlist gives the platform information about your preferences, allowing the service to customize playlists or suggest new artists based on listening habits. However, collecting data is not unique to the technology space. Retailers like Costco track and record their customers’ purchase histories. One benefit of this type of surveillance is the ability to contact customers directly in the event of a product recall.

As digital footprints continue to grow for brands, and consumers become savvier about how their personal data is used, having a proactive and transparent digital policy will become standard operating practice.

How can companies prepare for CCPA?

I can already hear the chorus of cynics: ‘Companies already have clear privacy policies and explain how their data is used, but no one reads them.’ While there is some truth to that, there’s a reason no one reads them. Today’s policies aren’t designed to be understandable—they are lengthy, written in legalese, and presented at the worst possible time—a digital roadblock between you and the latest iOS update, the hottest dating app or a breaking news article.

At Siegel+Gale, we believe in the power of simplicity. For fifty years, we’ve owned it, defended it and lived by it. Simplicity inspires deeper trust and strengthens loyalty, but what does it mean to have a simple experience with regards to data? Here are three approaches that could help.

Is it useful?

Data should contribute to a specific need or benefit—creating meaning for your customers while reducing the burden of storing old data. Performing routine checks reassures people that their information is appropriately managed. In the case of Marriott, not only was the personal data of hotel guests exposed, but also ongoing investigations suggest the perpetrators had been inside the company’s networks for four years. If Marriott had a more proactive approach to managing data, it’s possible the risk could have been minimized, perhaps even avoided.

Is it clear?

While inherently complicated, the use of clear and human language can go a long way in helping users engage with privacy policies. Recently, I was reviewing the FAQs of two different home insurance companies. One described a deductible as: “How much you will pay out of pocket if you experience a claim.” While this is technically correct, the other company used an example situation to illustrate the relationship between an incident, a deductible, and a claim. It might have taken more words, but the clear description helped me feel confident that I was making the right choice. 

Is it enjoyable?

Consider the following two real examples of an email subject line from financial institutions concerning Regulation E:

Bank 1: Your yearly notice about Electronic Fund Transfers

Bank 2: Rabble, rabble, rabble. (Translation: required legalese enclosed)

The first example could have come from anywhere, but the second is unexpected, a little provocative, and has a sense of humor. After Simple, aka Bank 2, sent their annual email, not only did it lead to a high engagement of customers reading the policy, but it inspired fan letters and emails of appreciation. It’s now become an annual tradition and significant touchpoint between Simple and its customers.

What’s in it for me?

Brands that can demonstrate a positive benefit in exchange for data use have a better opportunity of standing out, adding value to their offering, and creating stronger connections with customers. A 2018 study found that 58 percent of consumers “are open to (exchanging data) if the benefits received in return for their personal information are clear”(Marketwatch).

When Europe implemented the General Data Protection Regulation (GDPR) in 2018, many companies were caught off guard by the new set of rules and regulations, spending months trying to achieve GDPR compliance. There are a few examples of companies who used the GDPR to create new brand value, but I expect this to change as more companies see it as an opportunity to rethink customer relationships and their innovation. While the specifics of the CCPA are still being decided, it’s not too early to start planning and more importantly, thinking beyond compliance.

Christine Lim is a strategist at Siegel+Gale.