Robert Kobek, President, Mobius VP, LLC

CustomerCount and Patients-Count

It may come as a surprise that the CEO of a data capture company is aggressively and ambitiously working to promote a privacy law for Indiana and other states. But for me, it makes perfect sense.

Here is the short story

For businesses across a variety of industries, it is already costly to comply with existing consumer privacy regulations advanced at the global, federal, state and industry levels. My company, for example, already complies with the EU’s General Data Protection Rule (GDPR), HIPAA and a handful of early state regulations that have taken effect, including California’s and Virginia’s data privacy laws.

I prefer to tweak our software using small screw drivers instead of big ones. I can make the big compliance changes one time, like with GDPR, and then comply with additional state regulations by making small tweaks. At some point, the Feds will get smart and create one law, eliminating the need for individual states to act. But until that happens, it is in the best interest of impacted companies to encourage states to pass similar regulations that will result in the fewest amount of tweaks needed to comply.

That’s why I advocated for a data privacy law in Indiana, which recently passed the General Assembly and awaits the Governor’s signature to become law.

My company is a member of the Indiana Technology & Innovation Association (ITIA) which gave us a platform to engage in this legislation and work with other stakeholders to advance our shared goals for the law. The version of the law that passed is much more palatable than the version that was first introduced last year. The final bill is modeled after Virginia’s law, which was written to protect the consumer and make it much easier for companies to comply.

Because of stakeholder engagement, input and collaboration with the bill author Senator Liz Brown, the Legislature passed a consumer protection law that technology companies can help implement, gladly.

I was a member of the front line when the Do Not Call list was initiated and even passed by the U.S. Congress – quickly, unanimously, and enthusiastically. The measure that passed gave the FTC the jurisdiction to manage and prosecute. (Did you pick up that word ‘prosecute’?) And it blew through Congress faster than a pay raise.

Had you told me a bill that that restricted a $60 billion industry was being signed on the South Lawn of the White House by a Republican President, I would have insisted on taking your temperature. That happened in 1991. It was hailed by some as sounding the death bell for the teleservices industry and even had a shot at a hearing in the Supreme Court.

But, interestingly enough, it ended up preempting many states to the point where instead of having 50 different sets of regulations, there are only 12 states that currently manage their own Do Not Call list. It turns out that innovative technology and intelligent use of data, streamlined and helped create the omni channel contact center.

Hopefully that’s what ultimately happens with data privacy, and we can meaningfully protect consumers without stifling innovation and business.

Fast forward

How much data exhaust do we leave behind every time we turn on the tv, start our car, or watch a movie from our family room? Tons. That’s how much. Add to that, all the other events of every day, in every week, of every month, of every year, and the amount of data is overwhelming. Today’s technology is capable of collecting, reporting and disseminating information back to the consumer with amazing accuracy. Use your grocery store card to buy a soft drink product and you are now a buyer of soft drinks forever – at all kinds of outlets, hotels, other stores, online, you name it and you have access to soft drinks at lower prices.

What happens between those commercial events is where a problem lies. Today, it’s like this. Rent (or buy the use of) a list, append it and you own it.

Worse yet, the big data guys don’t necessarily sell the data but “are accomplices in in the use of the data by enabling the use of your data – as Cambridge Analytica that gave Facebook cover,” says John McNulty, CEO of Didgebridge, a marketing technologies and digital and digital privacy firm.

And now

Currently, there are six states with comprehensive data privacy laws on the books with Indiana being imminent. California is the one that is particularly ominous as it contains very rigid standards for privacy protection. Virginia was next and was written to protect the consumer and make it much simpler to comply. Make no mistake, Virginia has teeth.

From a strict privacy compliance lens and as a general rule, if a company complies with the GDPR, it generally complies with Virginia. Generally, because that bill, like many others, have to conform to their respective state codes. But, as a rule, the practice of compliance should be rather standard throughout the compliance universe.

Hoping that happens is one way to get on the slippery slope of reacting, but getting fully engaged is a way to get ahead of it all. That is why one CEO of a data capture company is aggressively and ambitiously working to promote a privacy law.