Reforming US Data Privacy for the Future

By Dennis Dayman, Chief Privacy and Security Officer at Return Path


There is no doubt that the proliferation of consumer data has grown exponentially in the last decade, and no sector of the online world has remained untouched by this phenomenon. Technology has crept into every home and business arena, becoming an essential part of our lives—and each of these interactions with technology produces a surprising amount of data.

Data is hailed as the marketer’s Holy Grail with good reason—it provides marketers with the insight needed to tailor advertising campaigns, connect with their target audience, and maximize engagement and return on investment (ROI). Big data can help make sense of the information gathered, such as retention cost, average transaction value, subscriber preferences, and even customer satisfaction.

Threats to data privacy come in many forms

The often overlooked side effect of this new reality is that, where paper records were once locked away in filing cabinets, the same information is now housed on websites across the internet or stored in “the Cloud.” Threats in this virtual environment include criminal activities aimed at collecting personal information through hacking and data breaches. Unintentional exposure is also possible through the increased use of connected devices such as mobile phones, home security cameras, “smart” appliances, personal assistants like Amazon Echo, and even children’s toys connected to the Internet.

But perhaps the greatest risk to data privacy is far less obvious. Consumers today willingly agree to give companies access to their data, often without a thought, by simply agreeing to a set of terms and conditions. The massive amount of cheap data storage systems, clouds, and search technologies makes it much easier to share or transfer personal data, or hold it for indefinite periods of time.

Companies that buy personalized data about buying habits and other behavior from stores, loyalty programs, and other sources often make it difficult for the layperson to understand their policies surrounding the consent, collection, and use of such data. Some of these companies are becoming so adept at gathering marketing information that they may know more about an individual’s movements, beliefs, and preferences than that person knows about him- or herself.

Combined, all of these factors create an environment that is fraught with privacy and security concerns for all. All it takes is for one hacker to gain access to a single company and their database, and thousands of consumers may have their personal data exposed. and that

New laws for the new reality

As technology and the data universe expand, more and more situations fall outside of existing laws and regulations. It may come as a surprise that most of the data we generate today through such widespread uses as web searches, social media, e-commerce, and smartphones is not covered by any specific privacy laws. Change has come faster than legislation or regulatory rules can adapt, and it blurs the sectoral boundaries that have defined our older privacy and security laws. For these reasons, we’ve seen an explosive push on privacy regulations around the world.

Most recent proposals for privacy legislation are either only aimed at slices of the problem, or double down on notice and consent by increasing transparency and consumer choice. Here at Return Path, we believe that it is time for a more comprehensive and ambitious approach, and we support this position through the many coalitions we participate in.

Some point to the overarching and newly enacted General Data Protection Regulation (GDPR) in the EU, but others say it is not the right model for the US. Currently in the US, individual states are taking precautions and creating their own privacy laws to protect their citizens, including the new California Consumer Privacy Act (CCPA). The issue with this approach is that we could end up with 50 conflicting and competing laws, with different definitions of terms like “personally identifiable information (PII)” and “individual.” Clearly, this would create an impossible situation for any company doing business across state lines.

What we need instead is broader, federally mandated requirements around privacy. Such baseline privacy legislation is necessary in the US to ensure that individuals can trust that data about them will be used, stored, and shared in ways that are consistent with their interests and the circumstances in which it was collected. This should hold true regardless of how or from where the data is collected, who receives it, or how it is used.

It is my belief that the myriad of proposed regulations and other similar state bills must be stopped in order to ensure data privacy is regulated in a consistent way across the country. Federal regulation is imperative to strike a reasonable balance between adequately protecting consumers and imposing overly restrictive and expensive mandates on businesses.


About Dennis Dayman

Dennis Dayman has more than 20 years of experience combating spam, security/privacy issues, data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. As chief privacy and security officer at Return Path, Dayman leverages his experience and key relationships to provide best practices to Return Path and its customers, and to ensure the compliance of their communications data flows. He is also responsible for coordinating and managing Return Path’s international electronic commerce, privacy and Internet-related policy issues.

