top of page

Privacy Rights & Access Requests- Are You Ready?

Updated: May 29, 2023

Privacy Rights & Access Requests

Privacy is a big deal in 2021. No one wants their online purchases to be used to sponsor someone else’s vacation. There’s oversharing, and then there’s oversharing. Consumers are becoming increasingly sensitive to data privacy, especially with Facebook's Cambridge Analytica scandal. The discussion about consumer privacy has grown so loud that even lawmakers are now trying to keep up with it, with their cries for more regulation.

The fast pace of technology is changing the face of governments across the world. With the rise of Big Data, cloud computing, the internet of things, artificial intelligence, machine learning, blockchain, cryptocurrencies, etc. many governments are now looking to leverage these technologies to make their governments more efficient, accessible, and transparent.

Two-thirds of the world’s countries-— 128 out of 194— have enacted legislation to ensure the security of their citizens' data. So, almost 66% of countries adopting and implementing privacy legislation! Even multiple African and Asian countries are looking to improve privacy legislation.

Privacy Laws

Three states—California, Colorado, and Virginia—have created statewide consumer privacy laws. All three laws have several provisions in common, including the right to access and delete personal information, as well as the right to opt-out of the sale of personal information.

These regulations exist for several important reasons: specifically, consumers should be granted access to the personal information that companies may hold on them, and they should also be able to request that companies erase it as preferred.

Consumers should have the right to choose whether they want their data sold, and there should also be regulations requiring encryption for any data sold (to make it more difficult for unauthorized parties from exploiting it).

Other provisions require commercial websites or online services to post their privacy policy outlining what types of personal information they collect, how they use this personal information, and if they share it with other parties either for marketing purposes or otherwise.

In addition, there's a U.S. model bill that serves as a template called the Uniform Personal Data Protection Act which sets out principles that businesses must follow in order to adequately protect consumers' personal data from malicious hackers and identity thieves who can steal your personal information from your computer.

US Privacy Right Acts

California (CCPA)

This act outlines the rights that consumers have when it comes down to their privacy. Specifically, this act grants consumers approval to request information about any relevant information that business owners might have collected about them during their processes.

Businesses are legally bound to disclose to consumers all the pertinent personal information in one concise document so that they can make informed decisions regarding the potential relationship with businesses.

The new privacy law (CCPA) states that consumers may request to delete all their personal information from a company's servers. You need to ensure you have the right systems in place, so consumers can do this efficiently. This privacy law affects any personal information consumers want to be removed from your company's servers.


Colorado Consumer Protection Act. Ensures consumers’ rights to privacy, companies’ responsibility to protect personal data, and authorizes the Attorney General and district attorneys to take enforcement action for violations.

This law defines terms related to data and helps to put protections in place for consumers and businesses alike. The effective date was slated to be on January 1, 2023, but as of this writing June 9th, 2019, businesses will now be required to comply with this standard earlier than anticipated.


This bill outlines the responsibilities and rights that private firms have to their customers about how people's data is gathered, stored, used, and shared.

The Consumer Privacy Bill of Rights grants audiences the right to access, correct, delete, obtain a copy of their data, and to opt-out of the processing of their personal data for purposes of targeted advertising.

You must let users know exactly what they're signing up for and when they can or can't expect changes that will affect them - don't let it be an afterthought!

Access to Request

Privacy Act of 1974

The Privacy Act of 1974 requires all federal agencies to make sure that we protect and keep data private; the purpose of the Act was to protect individuals against the misuse of their personal information and to make sure they know what will happen if it is disclosed.

One has the right to view and examine their personal files and request any necessary corrections and understand why or how often their information might be accessed.

Financial Monetization Act

As of 1999, the Financial Monetization Act requires financial businesses to provide customers with an informative privacy policy outlining what kind of private information they have collected.

This policy also explains what steps are being taken to protect that private info, whether it be online or elsewhere.

Fair Credit Reporting Act

The Fair Credit Reporting Act has provided an increased level of protection for consumers regarding personal information that is kept by credit reporting agencies. When it comes to limiting access to financial information, the Act requires agencies to have specific procedures that one must follow when either reviewing or making corrections to one's file.

There have been certain provisions added that protect consumers from being denied employment because of misleading information in their reports.

New Way of Advertising

As the discussion surrounding consumer privacy grows louder in the technology and marketing industries, those working across those two worlds are realizing what lawmakers have been screaming about for years now: the importance of self-regulation.

Major tech players like Facebook and Google are rolling out their own unique consent-based privacy frameworks, effectively taking away the need to legally hold these companies responsible for how they handle user data.

Organizations have been slow to react to the changing climate, although from now on, they will be more cautious about what information they collect from people.

Companies are holding their breath while trying to get a feel for technology compliance guidelines that will help shape their business strategies going forward. Using cookies might soon be a thing of the past if consumers keep rejecting these technologies.

What’s Next?

One of the most essential things for digital marketing is, of course, the data. This is especially so for first-party data. Companies need to capture their customers' attention more than ever before, and this is where first-party data becomes twice as important since marketers have their work cut out for them to capitalize on consumers' information.

It will become challenging for them to store the information, use the information, leverage the information, and sell the information - but they need to do this if they want their company's business model to stand a chance.

They need to make sure they are gaining consumers' trust by telling them how using their data can benefit them directly by providing some sort of incentive for consumers which will make it worthwhile for them to share their info with companies.

When companies do what they can to keep consumers safe, we can all share our favorite color and first car without worrying about the crypto crooks online. And isn’t that what social media being about— sharing things for no reason?

bottom of page