top of page
News & Views

Without Federal Privacy Policy Standards, How Are You Negotiating Compliance?

As new state privacy policy regulations roll out, many marketers hope for common standards on a federal level. As we look out for centralized changes, employee burnout, administrative challenges, and alterations to data collection methodology complicate our industry, in addition to the path to compliance.

In the face of these challenges, we recommend using the upcoming California Privacy Rights Act (CPRA) as a benchmark in 2023. The CPRA, the follow-up to the California Consumer Privacy Act (CCPA), goes into effect on January 1, 2023, and emphasizes respecting opt-out preference signals, including Global Privacy Control (GPC). The law builds on the CCPA with new provisions, including the requirement that businesses give special notice to people if they intend to use or collect personal information. In addition, companies must wait at least 12 months before asking individuals who opted out of sharing for their consent.

Another Option For Compliance

General Data Protection Regulation, or GDPR, is another way to ensure compliance, and one that we recommend healthcare marketers consider carefully. The European law – arguably the most rigorous privacy and security law worldwide – expanded existing data privacy protection in 2018, providing a rigorous framework for maintaining and processing data. And, while many companies believe they are exempt because they don’t market abroad, this is not true: doing business with any “EU data subjects” requires compliance with regulations and requirements.

A wide variety of data is protected under GDPR, and includes:

  • Basic identity information

  • Web data

  • Biometric data

  • Health and generic data

  • Racial or ethnic data

  • Political data

  • Sexual orientation information

  • Additional data categorized as “basic identity data”

This data is protected by eight rights for individuals, listed here. To begin implementing GDPR, businesses must assign a processor who maintains personal data records, as well as a controller to determine how and why data is processed.

If you are unsure about your current compliance, or would like to take a closer look at your specific data collection processes, we can help. Contact us to learn more about collecting, enriching, and managing first-party data.


  • LinkedIn
  • Twitter
  • Facebook
bottom of page