Privacy Laws Skirted by Seemingly Helpful Companies

After recently visiting a competitor’s website, we were solicited by the agency to partner with them. We had no prior business relationship with the company prior to going onto their website. They wanted us to send our clients to them to use their custom sales platform. This platform could match visitors who landed on client websites with visitor info from their massive data warehouse. At first, this sounded like a sale team’s dream come true: We could get prospect names, phone numbers, email addresses, specific website product pages visited and even headshots of the person. All the info a salesperson could ever need to close a sale. However, if it sounds too good to be true, it probably is.

After the very convincing pitch from these guys, I determined just how they were offering this magic bullet. They were pulling data from multiple sources: IP addresses of website visitors, contact info from industrial directories, and possible other data sources. These individuals then built a platform to pull all the data and load it via API connections. While all this gathered info was from free and legal sources, aggregating all of the personal identifiable info together is where the issue resides.

Background on Privacy and PII

Facebook got into hot water when Cambridge Analytica scraped and exploited Facebook’s user data in 2014 for political purposes. By harvesting and aggregating data and not stripping out personal identifiable information (PII) a company using the data opens itself up to legal risk. Violating people’s privacy for personal gain is something the EU and California legislators have most recently addressed. Both the GDPR and CCPA make violating privacy laws punishable with hefty fines. Additionally, there is a thin line between the legality and ethics of using PII data. Just because laws in your state may not be in place, is it right to tap into personal information of the people (your potential customers) visiting your website? Would your customers find this activity offensive or egregious? If your company found itself in the New York Times for using these practices what would happen?

New Privacy Laws and Regulations

Recently Ad Age published an article by Jack Neff indicating that Florida recently dropped private rights to sue, allowing some marketers to continue using data practices outlined above. However, while the current environment may still be the “Wild West” in terms of personal data use, various state legislators are slowly changing the laws. Nine states have enacted laws where companies can be sued for misuse of PII data. If you’re using this type of data in Alaska, California, Connecticut, Illinois, Maine, Nevada, Oklahoma, Virginia and Washington, you may be exposing your company to risk now or in the future. To avoid legal action, only use data that’s been aggregated together and stripped of any PII by a trusted provider.

Perhaps I was naïve to think that companies do the right thing with data collection and use. But when money is to be made from people’s information, there always will be people out to push the legal boundaries.

Learn more about how we use programmatic advertising to incorporate industry best practices of data usage.