The surprising ripple effect of a privacy compliance request
Rooted in increased regulations and general customer backlash, there is a growing emphasis on collecting consent and ensuring privacy of customer data, especially following enactment of the California Consumer Privacy Act.
In this environment, the "cost" of compliance is a top of mind factor for mortgage companies, but how "cost" is considered varies from organization to organization. Irrespective of an organization’s approach, the cost and complexity of solving the consent and privacy problem remains high.
The CCPA took effect on Jan. 1, following the earlier implementation of Europe's General Data Protection Regulation.
Some companies focus on the cost of setting up technology to collect, track, store and report customer consent and privacy across their enterprise systems. They focus on making a solution-based cost benefit decision, seeing the compliance problem simply as a project to complete and an item to check off their to do list.
Others focus on quantifying the cost of potential fines associated with noncompliance. Their focus is risk-reward and decisions are based on the potential risk and associated cost to the organization for a complaint.
By defining a consent and compliance project so discretely, organizations overlook an expensive and impactful aspect of addressing the requirement which starts with a simple request — a customer asks to be removed from a communication.
Without approaching compliance holistically, a request to be removed, be forgotten or for an understanding of what is being collected on a customer becomes a grain of sand in the gears of the company. This grain of sand negatively impacts and slows down the overall organization as it works to address the request.
As the request moves through the organization from department to department, the cost to address a compliance inquiry grows exponentially — and this expense grows as the number of requests grow.
Cost to customer service
In most cases, the information needed to answer common customer requests — such as tracking the applicant's status or where interest rates or whether their payment has been received — is relatively easy. That's because they've spent years and lots of money building out their core customer relationship management systems.
This is not true for consent and privacy data. This data may be stored across many different systems and tools within the enterprise. Additionally, accomplishing a consolidated view requires a proper data map to what information is stored where.
By allowing customers to complete consent and privacy requests via self-service or providing customer service representatives easy access to customer data across the enterprise, consumer inquiries can be handled effectively before they become a larger problem.
Without an overall understanding of where data is stored, how to access it and more importantly make a change, no request for consent or privacy data can be easily addressed. This results in significant time and effort by the customer service representative and others across the organization as well as multiple communications with the customer regarding the status of their request.
Cost to marketing
Good marketing presents a well thought out brand promise and makes the customer take notice.
However, in order to fulfill compliance requirements, many companies deploy tactics that result in less than ideal messaging to customers regarding the use of their data. These messages only confuse, frustrate and certainly don’t convert customers.
In other cases, an attempt to quickly address consent and privacy risks, organizations turn to Band-Aid fixes such as the implementation of complete opt-out versus opt-down or the decision to not send certain outbound communications at all.
The loss of customer communication, either because of overly stringent adherence to compliance laws and regulations or due to confusing compliance language impacts the effectiveness of marketing and decreases ROI on marketing efforts.
Well thought out consent collection and data privacy access at key moments in the customer journey is key to converting compliance from a cost to marketing to a marketing advantage.
Cost to compliance
Without a proper governance approach, the compliance department finds itself stuck in a cycle of one-off responses to complaints and addressing compliance requests that arise. To address the problem "of the moment," the department tasked with compliance works in a constant triage.
Consent and privacy management is not a technology and it is not a project.
To address these correctly, it requires an overarching practice, a general shift in the way the organization views the customer and works internally. Fully addressing consent and privacy requests requires input from all departments to stand up a well thought out approach and continually update it as the technology, business and compliance environment changes. The compliance department must be strategic about its approach in order to be successful.
Cost to the customer experience
Finally, the most impacted aspect of an organization is the customer experience. This includes how the customer views the organization as a steward of their data, their experience of receiving communications across many channels, as well as their experience when they interact with digital properties.
Collection of consent and responding to data privacy requests must be thought through as strategically as any marketing campaign to drive traffic, shopping cart experience to increase conversion or supply chain assessment to drive down costs and increase customer satisfaction. It can't simply be bolted on as an afterthought.
As regulations and requirements increase as a result of increased scrutiny through laws such as GDPR and CCPA, the cost of complying with customer requests eats away at top and bottom line profits.
Topline because the customer can exercise the choice to work with companies that honor their consent and privacy wishes strategically and proactively, bottom line because of the internal impact to ill-prepared organizations as they react to inquiries from customers. To be successful, organizations must think through the ramifications beyond the implementation of a singular technology or in preparation for potential fines.