privacy best practices

2019 has been quite a year for the privacy world.

The GDPR celebrated its first birthday with a slew of fines and investigations.

The Nevada privacy law (Senate Bill 220) passed and went into effect, as well as ones for Illinois and Maine. Vermont and South Carolina followed suit with minor updates to existing laws. And in all, 24 states considered enacting data privacy laws in 2019.

Not to mention with a deadline of Jan. 1, 2020, the California Consumer Protection Act (CCPA) has ushered in a slew of preparations of its own.

With all of these privacy regulations a part of business as usual in 2019 – and more coming down the pipeline – it’s important companies look at privacy best practices as more than just a nice-to-have. It could make or break your brand in the future.

Protecting consumer rights isn’t just the law anymore. It’s a way to prove your trustworthiness to consumers.

Because it’s such an important part of how brands will function and prosper in the future, we’re highlighting the ways big and small brands alike have embraced privacy best practices in 2019. Use these examples to shape your own strategy for privacy in 2020 and years to come.

Go Above and Beyond

Download the free CCPA compliance guide.

71% of marketers believe lack of compliance could have a detrimental impact on their company’s ability to conduct business. That makes sense when you consider that today 53% of online users are more worried about their online privacy than compared to a year ago.

The best way to address these concerns is by being up front with consumers about what exactly you’re doing to protect their data and follow privacy best practices. In other words, don’t wait until you’re asked. Inform consumers as soon as possible and as clearly as possible.

Case in point, was one of the first to announce all its users – in all locations – would have GDPR rights. This is the specific language they used in their email to users:

We confirm that the full suite of GDPR-type privacy rights are now available on a global basis to all users of Indeed, as set out in section 10 of our Privacy Policy. We believe this is the right thing to do, and underscores the importance we place in your privacy.

Another company first in line to implement privacy rules for all its users and products was Microsoft, which just made a similar decision related to CCPA rights. Replicating what it did when the GDPR was released, Microsoft pushed out a high-impact blog post pledging to honor CCPA rights not just for California consumers, but for those throughout the entire United States.

By being transparent about the data we collect and how we use it, and by providing solutions that empower businesses to safeguard personal data and comply with privacy laws, we can demonstrate our commitment in the absence of Congressional action,” wrote Julie Brill, Chief Privacy Officer for Microsoft.

This type of above-and-beyond, honesty-is-the-best-policy approach is what cements a company as a trustworthy brand to do business with in the minds of consumers.

This approach is worth noting, and imitating.

Be a Privacy-First Brand

It’s one thing to check all the boxes for privacy best practices. It’s a whole other to make your brand synonymous with protecting users’ rights. 

True to form, that’s exactly what Apple is doing with its “Privacy. That’s iPhone.” brand messaging.

The technology company created its own dedicated page for addressing how its products, features, and services are privacy-first. And no, we’re not talking about its privacy policy. This separate page specifically touches on how Apple addresses privacy best practices for:

  • Web browsing
  • Location history
  • Photo storage
  • Text messaging
  • AI listening
  • Content tracking
  • Financial information
  • Health data

Apple has even dedicated advertising dollars to campaigns about the topic of privacy protection. Apple’s masterful video ads that touch on the most important aspects of privacy protection have earned high exposure: iMessage encryption, browser cookie tracking, and the security of using Face ID.

The latest installment shouts the theme: If privacy matters in your life, than it should matter to the phone your life is on.

As per usual, Apple focuses on the why instead of the what. It believes privacy is a fundamental human right, and that belief is reflected in the products it creates.

Being a privacy-first brand isn’t only for big name companies, though.

Smaller startups and budding enterprises like are also making it a part of their feature sets.

As a project management tool, users exchange a lot of sensitive information. From messages to copy to financial data, everything inside the platform needs to stay secure. The company thinks this is so important to how it operates, it included a special section about privacy protection on its product feature page instead of just burying it in a privacy notice.

It probably won’t be long before another bubble pops up in this section denoting compliance with the CCPA and other U.S. privacy laws soon to be passed. It’s obvious that earning customer trust through privacy best practices is at the top of the priority list for

And that just proves no matter the size of your company, your brand can be – and should be – privacy-first.

Give Your Privacy Policy an Upgrade

What if your privacy policy could be more than just legal jargon and intricate terminology? While you can’t exclude any of that fine print, there are things you can add to spice it up.

Just consider the creative approach Ticketmaster took with its privacy policy.

The bottom three quarters of the page looks a lot like every other privacy policy. But the top half is something else entirely: A brand mantra, a commitment to its users, a promise of protection. For a brand that’s in the business of gathering data, this sure packs a positive punch for consumers. 

You are at the heart of everything we do. Our goal is to maintain your trust and confidence by handling your personal information with respect and putting you in control,” reads the Ticketmaster privacy policy.

If that wasn’t enough to melt your cold hard consumer heart, there’s also a stunning video that follows.

Ticketmaster weaves a story that’s so relatable and so trusting, you can’t help believing privacy is personal to them. As Forbes so perfectly stated, “The events ticketing company managed to turn a privacy policy update into a marketing campaign.”

When the New York Times deems most privacy policies “an incomprensible disaster” because of their walls of text and vague language, brands like Ticketmaster are a breath of fresh air.

Most companies include the must-haves in their privacy policies. But taking it a step further to make it an opportunity to elevate your brand is the way you will gain more customer trust and, eventually, dollars.

Conclusion: A Fresh Perspective

The truth is, privacy laws aren’t going away. 

Quite the opposite, there’s already a national trend supporting more data protection, more consumer rights, and more brand accountability.

For companies who understand the benefits of privacy regulations to consumer retention and the bottom line, this comes as good news. In fact, privacy best practices can open a door to brand authenticity, renewed customer confidence, and perhaps a different way to do business than the world has ever experienced before.

Now is the time to build consumer rights into your brand story. It’s the time to re-think and re-build your privacy policy. It’s time to tell your customers what you’re doing with clarity, honesty, and frequency. With the CCPA compliance deadline on the horizon, you can be the brand that sets the tone for the industry when it comes to privacy protection.

Are you ready to go beyond compliance and build trust with customers? We’re a team of privacy experts who can help navigate you through best practices, strategies and tactics. 

Reach out today!

Schedule a free consult!