The flood of robocalls and telephone-based scams over the past decade has led to an international backlash against unsolicited telephone communications. This global reaction has come in the form of a slew of new guidelines and regulations. Information services that rely on primary source verification of their databases have been drawn into this fray, despite being some of the most transparent and honorable actors in this space, and so it is time to look at the big picture and strategize how best for us to move forward to the benefit of our companies and customers.
This situation makes it easy for our industry to be defensive and, potentially, to resist what they perceive as onerous regulations. This, however, would be a serious error. It is far better for all of us in the b-to-b information and software businesses to see this new regulatory environment as an opportunity. An opportunity to demonstrate our transparency, professionalism, and integrity. An opportunity to explain and defend the value propositions that have made our firms and our sector so successful.
Hear me out.
- Don’t just comply, embrace. Any regulator or attorney attempting to accuse a firm of not complying with new regulations is aided by evidence that the firm in question is reluctant to comply or actively fighting compliance. Conversely, a full-throated and well-documented embrace of the rationale for the regulations makes that effort far more difficult. The firms that take the following specific steps should be able to avoid the vast majority of all the risk related to these new regulations:
- Announce the appointment of the chief privacy officer in your company news feed, explain their responsibilities, and invite customers to share any privacy concerns they may have directly with this officer.
- Prominently post details on the privacy concern redress process on your site(s).
- Keep a detailed log of all (email, phone, web form) communications from people contacting the firms about privacy policies. Ideally the chief privacy officer should be able to push a button to generate a report on the date, time, and subject of an inquiry along with a demonstration of the actions taken to redress the concern (additions to the do not call list, refunds, text of formal replies, etc.).
- Be prepared to explain your data’s provenance. Under E.U. regulations the source of meat and produce products needs to be established in order to confirm regulatory compliance (e.g., ‘where was this fish caught?’ or ‘is this organic?’). Data supply chains can be similarly structured to be auditable without disclosing trade secrets. Each individual field of data can and should have the following, to the extent practicable:
- a timestamp
- before and after values for the field
- the reason for the change (telephone conversation, URL of the legitimate source of the update, etc.), and
- the name of the person who made the change.
- Get ahead of the curve. Accept that you will need to be able to defend your data’s provenance the same way software producers will be compelled to defend the algorithmic fairness of their automated services. If you build your data supply chains with the same certain knowledge that you will need to defend the logic of every single step in those processes then you will be well-prepared to meet whatever regulatory challenge you may face in the future.