Update Retail Privacy Practices with New York SHIELD Act

According to a 2019 retail privacy study by Deloitte, the majority of customers worry about the security of their personal data. Yet, only 22 percent of retailers build privacy into their strategic planning. With the New York SHIELD Act taking effect in 2020, retailers have the opportunity to revamp privacy practices to establish trust and strengthen customer relationships.

Back in 2016, the adoption of the GDPR in Europe sparked an increased concern about privacy in the United States. Since 2016, at least half of the individual states have passed privacy laws modeled more or less on GDPR, including SHIELD. Many of these laws apply to businesses that hold personal data of the state’s residents, regardless of the physical location of the business.

Consider, for instance, the case of e-commerce retailers that sell to customers across the country. These businesses must comply with privacy laws in multiple states, while still endeavoring to personalize the shopping experience with data-driven marketing.

Obstacles to Implementing Effective Privacy Strategies

Banks and healthcare facilities have had to address data privacy for years. For retail businesses, however, compliance with privacy regulations brings new challenges. According to the Deloitte study, retail executives listed inadequate data management as the most significant obstacle to privacy. In fact, some organizations reported storing data in as many as 50 different locations.

With personal information stored in many different locations, organizations often lack the technology, the funding and the expertise to develop effective information governance and security. At the same time, with multiple privacy statutes in play, it can prove confusing to sort through the many regulations.

Forward-thinking retailers have discovered that the most effective strategies involve making privacy a key part of corporate culture. When customers know how businesses use their information, they exhibit more brand loyalty. They also express increased willingness to share details when they trust the business to keep the information secure.

Steps to Achieve Compliance with the New York SHIELD Act

As they begin building a trust-focused privacy strategy, businesses find value in using a comprehensive piece of legislation like SHIELD as a starting point. With a SHIELD compliance program in place, they can adapt and expand to address privacy laws from other states.

Consider these steps to implementing a solid privacy strategy:

1. Gather stakeholders – Building a culture of privacy requires input from every facet of the business, from IT and Human Resources to Sales and Marketing. Establish a cross-functional team to address data compliance. Be sure to secure executive sponsorship.
2. Find and analyze existing data – Look for personal data wherever it resides in the company. Keep in mind that SHIELD broadens the definition of private information. You will need to review business processes, third party processing of personal data, marketing efforts and so forth.
3. Build a plan to address compliance gaps – Armed with an understanding of the requirements of New York’s SHIELD law, design a plan to address any shortfalls. This will include ensuring that your data security program meets SHIELD requirements. You may also need to update your contracts with third party vendors.
4. Establish clarity – Transparency encourages customer trust. Make sure customers know what you will do with the information that they provide to you and how you will share it with others. Provide simple ways for them to manage their information and their privacy preferences.
5. Ensure ongoing compliance monitoring – Privacy and compliance require an ongoing effort. Implement a program for continuous monitoring and accountability. Additionally, make sure you have a plan to respond to requests from individuals and regulators.

Build Data Privacy into Company Culture

The New York SHIELD Act represents just one more step in an ongoing privacy movement. Instead of reacting to each new legislation, make privacy part of how you do business at all levels. Also, keep employees trained and customers informed.

As you develop a privacy-focused strategy, leverage the experience of security and compliance experts. The retail IT consultants at eMazzanti will help you build a solid information governance strategy, including multi-faceted data security and ongoing compliance monitoring.

Download Article PDF