Sourcepoint introduces sensitive data opt-in feature to prepare users for privacy changes
Sourcepoint has launched a sensitive data opt-in feature for its consent management platform (CMP) to help customers prepare for US privacy changes on the horizon.
As of March 31, 2024, the Washington “My Health, My Data” Act will require opt-in consent for tracking and collecting personal health data, which is defined very broadly. Several other US states already require opt-in consent for sensitive data collection, but Washington’s new law also provides a private right to action to consumers. This marks a paradigm shift from the traditional opt-out approach that most states have previously required. Sourcepoint’s feature supports a new model for consent in the US that has so far been limited to the EU, allowing more customers to be privacy-forward in their approach to navigating such a complex landscape.
As Washington’s “My Health, My Data” Act ushers in a significant change in US regulatory oversight, it’s more important than ever for companies to assess if they are collecting sensitive information or if any of their third-party partners are. This poses a challenge not just because there is no single comprehensive privacy law in the US, but because the definitions of sensitive data vary greatly across federal, state and sectoral laws.
Several comprehensive state privacy laws include sensitive inferences in their definitions, meaning that data that reveals certain sensitive categories could still trigger the law – like a consumer’s browsing history of health-related articles on a media website or shopping history of health-related purchases on an e-commerce platform. Some states also require express consent before sensitive data is processed.
With the new feature functionality, Sourcepoint’s CMP solution can now be used in a broader, multi-regulation context. Large enterprises can now establish an opt-in message on Sourcepoint’s CMP that notifies users of data collection, asks for consent and passes the signal downstream. Sourcepoint’s highly customizable platform allows companies to tailor messaging to the look and feel of their brand for a seamless experience that encourages more engagement with end users.
“Washington’s health-specific data law represents a big shift in US privacy and consent management,” said Julie Rubash, Chief Privacy Officer and General Counsel at Sourcepoint. “When new US privacy regulations are first implemented, the industry tends to ‘wait and see’ until lawsuits are filed before taking action – but fines and other penalties can come at a high cost and damage a company’s reputation. To stay ahead of the curve and mitigate risk, Sourcepoint’s new CMP feature will allow brands to prepare for a possible domino effect of multistate legislation.”
“We believe 2024 will be the year of sensitive data,” said Gabe Morazán, Product Director at Sourcepoint. “As other states are likely to follow Washington’s lead to pass opt-in laws, now is the time for companies to ensure their enterprise privacy strategy is evolving with the changing landscape in the US and globally. Sourcepoint’s sensitive data opt-in feature allows enterprises to better facilitate a dialogue with their customers to encourage consent decisions and transparency in data sharing.”