General Rights & Types of Consumer Data That Need Protecting

2023.02.11

Home > Articles > General Rights & Types of Consumer Data That Need Protecting

If the internet is changing and evolving, then so should our policies regarding how it integrates into the norms and protections of our societies, including consumer privacy. Just as there are unalienable rights for human beings in the analog world, it is important that these  be expanded into the digital universe as well. Shockingly, many people are not aware of the lack of legislative protection of their information in the country they live in, let alone globally. 

Opinion: As a value-based organization, ZAMARTZ believes that the consumer should have access and protection of their information. Businesses should be able to thrive while still maintaining basic human rights, including those outlined in this article. 

We have outlined many of the typical rights and information that legislation, such as GDPR and CCPA, are attempting to protect and enable for the consumer. 

At the time of this article, approximately only 10% of these rights and types of Information have wide-spread protection.

Consumer Privacy Rights

RightDescription
Right to Easily RequestCustomer must have a conspicuous and multiple ways to make request easily
Right to KnowledgeRequest their information specified by customer
Right to AccessReceive a copy of personal information organization holds about the consumer
Right to PortabilityHave that personal information in a format that is transmittable to another entity if provided electronically
Right to ErasureHave personal information deleted, subject to exceptions
Right to Opt Out of SalesRestrict the sale of the consumer’s personal information
Right Against DiscriminationNot to be charged a different price or receive different services where exercising the other rights
Right to Stop Data ProcessingNot to have data processed for direct marketing purposes. 
Right to AmendmentRequested information is amended to correct customer’s data

Types of Information Collected

TypeDetail
PII (Personal Identifiable Information)Identifiers such as a:Real NameNamed AliasPostal AddressUnique personal identifiersOnline identifier IP addressEmail addressAccount nameSocial Security numberDriver’s license numberPassport number or other similar identifiers
CharacteristicsExample Characteristics of protected classifications:GenderAgeEthnicityRaceHair/Eye Color
Commercial RecordsCommercial information including records of:personal propertyproducts or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
BiometricsExamples:Facial RecognitionFingerprintsIris Photographic RecognitionDNA SequencingVein RecognitionRetina ScanningVoice RecognitionFinger Geometry
Electronic ActivityInternet or other electronic network activity information, including, but not limited to: Browsing historySearch historyInformation regarding a consumer’s interaction with a website or applicationInformation regarding a consumer’s interaction with advertisement
Geo LocationExamples:HemisphereContinentCountryState/RegionMunicipalityCity/Town/VillageStreetAddress NumberPostal CodeServiceable Area
SensoryExamples:AudioElectronicVisualThermalOlfactoryOr similar information
ProfessionalProfessional or employment-related information
EducationalEducation information, defined as information that is not publicly available personally identifiable information (PII) 
Examples as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)
ModelingInferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s PreferencesCharacteristicsPsychological trendsPredispositionsBehaviorAttitudesIntelligenceAbilitiesAptitudes
Protected Health Information (PHI)“Individually identifiable health information” is information, including demographic data, that relates to:the individual’s past, present or future physical or mental health or condition,the provision of health care to the individual, orthe past, present, or future payment for the provision of health care to the individual

Identification Verification Process

There may be times where the requests and precision of collection may require the identity of the requester to be confirmed before proceeding. A classic minimum standard is suggested to be followed before any request for information be amended, deleted, or transmitted to/by the consumer.

At least 2 verification methods need to be completed to continue with processing:

  1. Request state-provided identification
  2. Request certified bill/document with residential address
  3. Request sent through identity verification tool or provided
    Example: https://www.trulioo.com/ 

Data-Protection Categories

We also suggest having the standard cookie and data-protection categories:

  1. Strictly Necessary Essential (MIN):
    Essential cookies enable core functionality, such as page navigation and access to secure areas. The website cannot function properly without these cookies.
  2. Functional:
    Functional cookies allow us to remember choices you make during your visit to a website–they are necessary to provide features and services specific to individual users.
  3. Performance/Analytics:
    Analytics cookies track your online behavior and share data with 3rd-party services that help us improve the performance of the website.
  4. Targeting/Marketing:
    Marketing cookies track your online behavior and share data with 3rd-party services that help us improve the relevance of marketing campaigns you receive.
  5. Social (MAX):
    Social cookies are a range of social media services that track across other sites and build up a profile of your interests

It is crucial that our policies evolve with the constant changes and advancements in technology, particularly when it comes to the protection of consumer information. However, as the article highlights, currently only a small percentage of these rights and types of information have widespread protection. Consumers also do not have a good understanding of the types of information collected and how it is used. It is imperative that we continue to advocate for and implement legislation to ensure these rights and protections are upheld in the digital world.

Note: ZAMARTZ Consulting and affiliates are not responsible for any issues, litigation, or cases as a result of shared data and opinions on this page.

Additional External Reference:

http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375

  1. How Does a Digital Cookie Work?
  2. Best Marketing Strategy with Privacy Changes in Cookieless, Emails, and Opt-Out Tracking.
  3. Explaining Privacy Changes in Cookieless Marketing, Email, & Opt-Out Tracking