Why US Businesses Need to Prioritize Data Privacy Now
How Evolving Data Privacy Regulations are Impacting Digital Marketing Tactics
For a long time, businesses have relied on an endless supply of information about user interactions, preferences, purchases, and profiles to help shape their digital marketing efforts. But with a growing focus on data privacy in recent years, we’re now seeing a shift in how we collect and analyze user data.
While the United States does not currently have a comprehensive national data policy, some states have developed and implemented their own laws. We also have a mix of laws that target specific data types or situations.
U.S. data privacy can be complicated and overwhelming, but now is the time to learn about these policies and start adjusting how you think about data — before you’re forced to do so.
In this blog post, we’ll walk you through the existing data privacy laws and provide some steps to get you started on your data privacy journey.
If you’d rather chat with us about your data privacy business needs, check out our custom solutions and schedule a free data privacy consulting session.
DISCLAIMER: This guide is for informational purposes only and does not constitute legal advice.
How Data Privacy Laws Currently Impact US Businesses
Data privacy in the United States consists of a patchwork of federal laws protecting specific rights across the country — like the Health Insurance Portability and Accountability Act (HIPAA) — and various consumer data privacy regulations protecting constituents across the states.
The differences in the state-level policies highlight the need for businesses and marketers to get a good understanding of how we are collecting, processing, and storing user data.
The State of the States
California was the first state to implement a comprehensive data privacy law — the California Consumer Privacy Act (CCPA), which went into effect in January 2020. The CCPA is extensive and provides data protection rights for its constituents — California residents.
In 2020, voters approved an amendment adding even more protections to the CCPA and instituted the nation's first state agency dedicated to privacy through the California Privacy Rights Act (CPRA.)
Since the CCPA, 19 additional states (as of September 2024, when this article was published) have passed their own versions of comprehensive privacy laws.
All states with comprehensive data privacy regulations require users to be notified about the specifics of what data is collected about them. However, not all laws provide the same consumer rights, definitions of sensitive data, or information required in a privacy notice.
Pro Tip
The International Association of Privacy Professionals (IAPP) developed an informative resource on the similarities and differences between each state's data protection laws. While the resource only dives into some details, it provides an excellent overview of data protection laws in the U.S.
Why This Matters
So, what does this mean for businesses in the United States? You may think you’re off the hook if your state doesn’t have a privacy law in place – but that’s not true.
If your business has consumers who reside in California, or any other state with a data privacy law in place, you may be required to comply with these laws.
That means if someone in California happens to visit your website, you are legally required to disclose that data is being collected and give them the option to opt out of tracking if your business meets the thresholds outlined in the policy.
Keep in mind – if you have international clients or are marketing to users in the European Union (EU), data privacy regulations already impact your business! Read our Cookie Consent & GDPR Guide, to understand the full scope of data privacy regulations in digital marketing. Any company that does business with consumers in the EU or targets users in the EU must comply with GDPR.
Pro Tip:
We think implementing a Google-approved cookie management platform is the best way to manage these varying policies - and we can help you get set up for success.
How Should Digital Marketers Approach the Various Data Privacy Requirements in the US?
The responsibility of adhering to all of these privacy policies may be intimidating, but the best defense is a solid strategy involving:
- an understanding of how data privacy laws are being interpreted at the state level
- an implementation plan for how to enact data privacy-compliant practices for your tracking and marketing tactics
The basic idea behind why all of these laws are popping up now is that consumers want more control of their personal information. The EU views personal data privacy as a fundamental right. That mentality differs from how data collection and privacy have historically been viewed in the U.S.
So what should marketers do?
Without a comprehensive data protection law on the federal level, it may be hard to determine an exact course of action. But if you want to prepare for the potential of a federal data privacy policy and adhere to the current regulations, our solution is to think about the situation purposefully and strategically in two categories:
- The Technical Set-Up for Compliance
- Digital Marketing Strategy
How to Prepare for Data Privacy Regulations: An Outline of the Technical Stuff
“As data privacy regulations tighten across the globe, there are essential steps that marketers need to take to ensure that digital marketing initiatives are compliant with both state and international laws. We recommend first working with your legal team to identify which laws you are bound to adhere to.”
- Jack Novorr, Head of Data at Cypress North
An important decision to make is choosing a cookie management platform (CMP) that meets your business and financial requirements. Google’s Cookie Management Platform Partner Program has a list of consent management partners with options that meet a variety of needs, from enterprise-level solutions like OneTrust to smaller-scale WordPress plugins like Complianz.
After choosing a CMP, you’ll need to follow the platform’s documentation for identifying and classifying cookies to make sure you’ve properly configured your cookie banner. Fair warning, this step requires a good amount of technical expertise. If you use Google Tag Manager, make sure your CMP integrates with Google Tag Manager and set up Consent Mode. Use this as an opportunity to clear out any old tracking (we’re looking at you, UA tags!)
Need help reviewing your Cookie Tracking? Contact Cypress North’s Data Department for a Cookie Consultation.
How to Prepare for Data Privacy Regulations: Digital Marketing Strategy
One of the scary things about implementing cookie banners is the belief that there will be a drop in traffic to your website. This is not the case.
Yes, there will be a drop in what we can track through Google Analytics when we offer users the ability to opt out of tracking cookies, BUT that doesn’t mean fewer users are coming to the site. It just means that we aren’t able to track as many users as we used to.
It also means that the tools we’ve been using for web traffic analysis need to change slightly, and we need to adjust our reporting strategy to meet these changes.
So, how do we adjust our strategy?
First, we need to consider our options for reporting and analysis. We need to start relying less on Google Analytics and start thinking more about leaning on data from platforms like Google Search Console for organic reporting and ad platform data (Google Ads, LinkedIn Ads, etc.) for paid performance reporting.
"Data loss from cookie consent is definitely a challenge, but we are filling in the gaps by leaning on Google Search Console more heavily, and taking a closer look at estimates in third-party tools to better understand our organic traffic and site performance."
- Kathleen Hagelberger, Senior Digital Marketing Strategist at Cypress North
Tools & Strategies for Organic Reporting
- Google Search Console (GSC) tracks clicks on Google’s Search Engine Results Pages, which doesn’t rely on website data. We’ll still be able to see keyword performance metrics and analyze how organic traffic is coming to our website.
- Bing Webmaster Tools can view the same info as GSC but for Bing organic search only.
- SEMrush and other third-party tools give us a general idea of how organic traffic is trending and to see traffic estimates.
Tools & Strategies for PPC Reporting
- The information available on the ad platforms will be more reliable and accurate than Google Analytics’ generic trend data.
- Google Ads Enhanced Conversions uses hashed first-party conversion data to model web and lead conversions. At a base level, it works like this: if a user is signed into their Google account and sees one of your ads, Google can match that conversion information to the ad view and credit the specific advertisement.
In general, we will need to adjust our benchmarks for reporting. We cannot compare “before cookie banner” traffic to “after cookie banner” traffic because they are incomparable.
Our Prediction: You Can (and Should) Anticipate More Data Privacy Regulations
We recommend building compliance into your everyday digital strategy and viewing this change as an opportunity to reframe and refresh your strategy. Taking steps to strategically audit your tracking and marketing practices will help you be ready to meet future legislation changes.
Meet the Author
Kristen Nalewajek
Kristen is a Data Analyst who joined Cypress North in May 2023 as an intern. She now works out of our Buffalo office, where she spends her days updating client dashboards, preparing analytic insights, and running queries to pull data from various sources.
Originally from Pennsylvania, Kristen brings more than 10 years of professional experience to our team. While her background is in higher education, Kristen decided on a career shift in 2022 and quit her job to go back to school full-time to study data science. Though she says it was scary and exciting to start over, Kristen is loving the data analytics field and has enjoyed learning new tools and techniques.
Kristen graduated from Buffalo State University in December 2023 with her master’s degree in data science and analytics. She previously earned a Bachelor of Arts in communication studies from Niagara University and a master’s degree in communication and leadership from Canisius University.
Some of Kristen’s previous experience includes instructional roles and working as a marketing communications coordinator. Most recently, she was a marketing professor for five years at Penn State Behrend in Erie.
When she’s not working, Kristen enjoys running and taking her dog Charlie for walks around Buffalo.
0 Comments