Not too long ago, online data security was not something people fretted over. Most didn’t read online privacy agreements, checked “agree,” and hurried on to their destination. But then came the Facebook, Cambridge Analytica, Home Depot, and other major data breaches, including hospitals and health insurance companies, and attitudes changed. Facebook has 2.9 million active users—about 30% of the world’s population—and such a large breach was both unfathomable and frightening. Understandably, consumers suddenly became very concerned about their data. And so did governments.
Last year, the EU implemented the General Data Protection Regulation (GDPR), the world’s most comprehensive data privacy law, according to Rachel Glasser, author of our cover story. A year later the GDPR is still in its infancy, enforcement bodies are still being set up—but most EU companies are taking a “wait and see” approach to compliance enforcement. Trickles of accountability are occurring, complaints are being heard, fines are being levied, but generally, Glasser notes, the GDPR doesn’t yet have much bite.
California, however, is really shaking things up. The fifth largest economy in the world is proposing the California Consumer Privacy Act (CCPA) which is “potentially one of the most sweeping revamps of data laws.” This law would do two things many want to see: It broadens the definition of what constitutes personal data and it creates litigation risk for any large business that collects or uses that data. This is a huge step in the right direction for patients and other consumers who want to know and trust who is collecting their sensitive data, what they are doing with it, why, and how it is protected.
Another big step: Sarah Caldwell, author of this issue’s Expert on Call Data & Analytics column, urges pharma marketers to acquaint themselves with the Network Advertising Initiative (NAI), the leading self-regulatory association for responsible data collection and use for digital advertising. The NAI’s Code of Conduct goes into effect on January 1, 2020 and it has very specific guidelines for “Tailored Advertising,” that will affect targeted ads. Surely, to reach and engage patients in a secure manner today is becoming more of a delicate balancing act—with a little juggling on the side. But pharma marketers have shown us time and again that they can keep more than one ball in the air at a time.