Ever-Changing PII (Personally Identifying Information) Regulations

Photo by Nadine Shaabana on Unsplash

The outcomes from the technological revolution of the last ten years have not all been good. Some have streamlined the way we do business, but others have added incredibly hairy and tangled layers of complexity to them. Take for example the ever-changing regulations around personally identifying information (PII for short). PII is any information that can be used to distinguish or trace an individual’s identity (for example, names, Social Security numbers, driver’s license number, bank account numbers, etc.). PII regulations are a major outcome of the tech boom we’ve been witnessing.

As our reliance on technology has grown, so too has the storage of information. The amount of data storage used worldwide is growing.

When you create an account with a company—any company—your personally identifiable information (PII) goes into their databases, and they hold on to that data forever unless the company has a reason to delete it.

There is an abundance of PII data. In countries with full internet adoption, the average person has many accounts online. In 2017, the average American internet user had 150 online accounts that require a password.

The consequence of PII regulation

The big outcome of that abundance of data has been positive: it has allowed companies to create better and better experiences for their customers. But from the perspective of the user—the little guy—it’s created a lot of fear of vulnerability. That fear has led to increased government oversight. Consequently, industry—not just our industry, but all industries all over the globe—face an incredible challenge to continue to provide the high-quality experience users have come to expect while simultaneously meeting the shifting expectations of government bodies.

Dealing with PII regulations

Let’s look at some examples of PII regulations that impact direct sales companies at the time of the publication of this article.

• In Japan, an MLM customer’s data can be transferred to a third party (as long as the customer doesn’t opt out) but the third party can’t re-transfer that data to anyone else. In other words, you can show a customer’s data to their sponsor, but that sponsor can’t legally share that data with anyone else. This presents not a software problem but a training and compliance problem.
• California has The California Online Privacy Protection Act which requires that your website have an easily found privacy policy and regulates what that privacy policy must detail. You must follow the regulations of this act if your website is accessible by California residents—regardless of whether you operate in or use a web server in California.
• The biggest, most extreme example of PII regulation to date is the European Union’s General Data Protection and Regulation (GDPR) law. GDPR is complex and still in flux. One example requirement is that if a user of your software asks you to delete them from your records, you have to completely remove all references to them that have PII data—from your sales ledgers, from your distributor tree, from every single database you keep—in the space of one month. Failure to meet the EU’s requirements can result in fines as large as €20M or even larger, scaling to your annual revenue.

If you aren’t prepared to respond to these specific regulations, you aren’t prepared to go into these markets. Furthermore, you have to be prepared to respond to whatever regulations replace them tomorrow.

Your system has to have the agility to deal quickly with everything that your field throws at it. That means you must look harder at your MLM software provider to make sure that they are keeping up with the times.

You can’t just hope for the best. You have to know you’re working with a partner you can trust.

---

At MLM-CC we help our clients navigate the complicated series of decisions behind choosing a software provider. We know the big players, and we can help you get the best system for your unique needs.