Bill Bruno is CEO of Celebrus.
Last month, the Federal Trade Commission (FTC) sent over a letter to five tax preparation companies (H&R Block, Intuit, TaxAct, TaxSlayer and The Lampo Group) regarding possible unfair and deceptive practices.
In the letter, the FTC warned that data collection for marketing and advertising purposes could be a violation subject to a fine. The agency warned that penalties of up to $50,120 per violation could accrue if the companies misuse personal data in ways that run counter to the purpose for which this information was collected.
The main culprit here is how you, as a brand, might be using data to further your marketing and advertising investments. It’s the same story that has been pervasive in the industry for years now: Brands need to get better control and understanding of where they are sending customer data and, ultimately, where it goes once it lands wherever they’ve sent it.
If you send data to an ad platform, for example, how does that data get used? Is it only for your brand, or does it get shared and modeled for others as well?
A federal probe found that some of America’s largest tax-prep companies have shared Americans’ sensitive financial data with companies like Meta and Google in the past, so it really is no surprise that a letter like this has now come their way.
We saw this happen in July, too, when the FTC and the Department of Health and Human Services (HHS) sent 130 letters to healthcare companies reminding them of their obligations around tracking technology and the Health Insurance Portability and Accountability Act (HIPAA).
I can confidently say that more of these types of letters are coming to industries that manage lots of personal information or find themselves in regulated industries. The United States has taken a state-level approach to privacy thus far, but these actions from federal organizations are starting to show what the future may look like.
Practical Tips For Avoiding Violations
If you are a tax preparation company, what can you do to prepare and avoid hefty penalties? Here are some quick tips.
• Avoid the use of third-party tools. These tools, like Google Analytics, collect and action digital data. First-party data is the only true path forward. There is a lot of confusion around the definition of first-party as well, with many vendors preying on that confusion. The simple litmus test is this: If you’re sending data outside your four walls, it’s ultimately third-party, regardless of what the vendor tells you.
• Consider consent and take actionable steps to ensure you are a responsible steward of customers’ data. In this situation, you don’t necessarily have to invest in a consent management platform, as many might not have that budget. What you must do is ensure the technologies across your digital landscape adapt what is collected and used based on the preferences set by your consumers, and maintain those preferences for the entire visit.
• Pretend GDPR is active in the U.S. and operate from that perspective, ignoring the state-level approach to ensure you are ready for the future. It’s always best, in my opinion, to stretch beyond the existing regulations because what you’re seeing now is just the start. It will advance quickly and already has this year.
Protecting the rights and privacy of your customers should be your top priority as a company that deals with sensitive personal and financial data. If you are unsure how and where your customers’ data is going, it’s time to act now.
The alleged negligence of tax preparation companies is one reason the IRS is piloting a free online tool for the 2024 tax filing season, which can rival the products and services of H&R Block, TaxAct and others. If you are an organization that has received one of these letters, it’s imperative that you take them seriously and get your own house in order.
If, for instance, you’re collecting and actioning digital data using a third-party tool like a digital analytics platform or programmatic buying platform for advertising, you’re indeed at risk of violation. This includes how you use digital data for advertising and marketing, not just the reporting. Toucan Sam said to “follow your nose,” and in the digital world, you need to follow your data.
It’s not too late to ensure your digital data is compliant and protect your customers’ privacy. Hopefully, this article has provided you with some things to dig into and ways to make sure these topics are part of your strategic planning for the rest of this year and the future.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.