By James Bateman, CEO and co-founder
The trend is clear: People are demanding — and getting — greater leverage over how their data is being used, and the private and public sectors are taking notice. The days of organizations collecting consumer data and using it without their consent are numbered if recent events are any indication.
If we were to identify the event that ushered in this new era of consumer control over data, we’d likely choose the EU’s General Data Protection Regulation (GDPR). This comprehensive law has initiated a veritable ripple effect related to how companies process, protect and use consumer data based on consumer preferences; countries worldwide are adopting similar regulations.
While the United States currently has no federal privacy laws, individual states and industries are addressing privacy and control. The 21st Century Cures Act, for example, went into effect earlier this year and requires healthcare providers to build and use the necessary technology infrastructure to give patients unprecedented digital access to their medical records.
And big tech understands and acknowledges the trend of consumer data control. We recently saw Apple institute App Tracking Transparency, which provides consumers with control over which businesses can track their data.
Consumer-mediated exchange — data transfers where people can manage their personal data and control how organizations use that data — is becoming a requirement instead of a courtesy in today’s business environment. And companies that collect and use consumer data must prioritize this concept to avoid non-compliance and reputation erosion. Here are three suggestions to help organizations adjust to this new reality:
1. Plan beyond compliance.
Adhering to data privacy regulations is essential, but it should be considered a baseline for consumer-mediated exchange. The fact is, rules and regulations change, and very rarely do they become less stringent. And new laws are often passed to address lapses in existing legislation. By incorporating a consumer-mediated exchange platform and processes that exceed current requirements, your organization won’t be caught flat-footed once an inevitable update is enacted — which will likely save considerable time, effort and expenditures.
2. Be transparent.
It’s essential to give people a reason to want to share data or, at the very least, be completely upfront about why it’s needed. For example, a company may need a consumer’s data to improve their experience on an app. Maybe their data is necessary to advance the greater good, like during a public health crisis. Other times, compensation can be a reward for data access. Clearly and boldly explaining why the data is necessary and how your patient or consumer will benefit — whether directly or indirectly — may increase the likelihood of authorization compared to a pop-up request form with a laundry list of legal jargon.
3. Simplify the process.
Easier is always better. And when consent is the only barrier to getting requested data, that process should be as frictionless as possible. For businesses that need to acquire data produced by regulated industries like healthcare, a consumer-mediated exchange is much more efficient than making a data request to a provider. A consumer can quickly give consent to see the records, which tells the healthcare provider that they can share these documents without violating HIPAA regulations. When a business has to make the request directly to the provider, the process slows dramatically because the provider now has to request records from the patient.
Organizations can transform a historically arduous process into one that’s more efficient, manageable and cost-effective by initiating a consumer-mediated exchange.
We are entering into an era where the balance of power between companies and consumers is shifting. Consumers have more access to their own data, and organizations that embrace this shift and support it are likely to find themselves in a much better position than those that don’t.
This article originally appeared in Forbes.