More and more companies today are focusing their advertising and marketing budgets on internet and app-based advertising. As one Recode story revealed, businesses spent $209 billion globally on digital advertising, $31 billion more than they did on television ads that same year. This trend, however, has consumers on edge about how their data is being shared, collected, and protected. A recent National Advertising Initiative (NAI) survey revealed that more than 85% of the consumers who responded stated they were concerned at some level about the lack of privacy when browsing the internet or using apps, with roughly 56% stating that their primary privacy concern was the fear of having this data pilfered by hackers.
As one of the United States’ leading advertising and marketing professional organizations, the NAI implemented its own Code of Conduct in 2000 to govern how the advertisers, marketers, optimization firms, sharing utilities companies, exchanges, and platforms that constitute its membership handle and collect consumer data. It offers specific guidance on how NAI members must collect, handle, and share any personal, device-specific, and geolocational data they obtain from users during personalized online advertising campaigns. The Code protects not only telephone numbers, addresses, and names, but also health records, sexual orientation information, insurance plan data, and banking account numbers.
NAI members are required to publish clear and prominent notices on their websites that describe the types of advertising and marketing activities they conduct; the categories of data they collect, along with how they use and share it; and how long they keep user data on file. They’re also required to describe their opt-out procedures or make clear and conspicuous opt-out mechanism links accessible to users. From a data security standpoint, the Code requires member companies to use reasonable security measures to protect this data and to submit a written attestation to the NAI confirming this. The NAI does not elaborate on what security measures are considered “reasonable,” and mostly leaves this to the discretion of its member companies based on their data storage and IT infrastructure capabilities. Members are also required to dispose of users’ data in a timely manner, within the timeframe they specify in their notices, by deleting or de-identifying it to prevent any stored data from being linked to known individuals. The Code doesn’t just govern NAI members; any app publishers, vendors, and website partners who receive personally identifiable or device-specific information from NAI members must agree under contract to honor relevant Code provisions when handling this information.
Companies that are looking to join the NAI must demonstrate that they are compliant with the Code of Conduct in order to secure admission, and are required to undergo annual compliance reviews afterwards. The NAI can refer violations to the Federal Trade Commission (FTC) for review and potential investigations. It also has the authority to expel members from the association and make public any compliance reports that show Code violations. Ensuring compliance with the NAI’s Code doesn’t require you to invest more in on-premises solutions and dedicated IT staff. In fact, you can save $3,966 monthly simply by migrating your user data onto a managed virtual cloud platform that supports 2FA, 256-bit AES encryption, NIST-compliant information handling protocols, and other NAI-compliant data security features.