Data443 Risk Mitigation, Inc.

Opt-In or Opt-Out: Which Route Should Your Organization Go?

The General Data Protection Act (GDPR) launched a worldwide conversation on data security and consumer data protections. As historical data breaches continue to happen on a way-too-frequent basis, and data privacy legislation expands across the globe, companies are taking a harder look at their privacy policies and their obligations under each law. Each regulation has different requirements, from e-mail marketing to sale of personal data, but the options consumers have remain the same.

California Consumer Privacy Act

While the final details of the law that becomes effective January, 1, 2020 might still be fine turned, the overall requirements will remain. Of these, the act requires businesses and websites that fall under the law to provide consumers the option to opt-out of the sale of their information.

This raises the question – is there an advantage to opt-in vs opt-out?

Opt-in or Opt-out?

Opting-in gives the consumer the choice to check an unfilled box, opting-in to receive your e-mail communications, allow for information to be shared with other partner companies, etc. When a consumer opts in they are telling you, “Yes, I agree that my information is shared with ….” whatever the terms you have spelled out.

Requiring consumers to opt-out places the responsibility to decide whether to allow the sale of their personal information up front, before continuing on a website or making a purchase on an app. The method here is the consumer expressly saying, “No, you may not share my information in any way.” You may pre-check the box and require consumers to uncheck it in order to opt-out.

Opting-Out ROI impact with e-mail marketing

Opt-out email subscriptions may devalue the quality of your contacts, and will ultimately decrease your return on investment (ROI) in certain areas like e-mail marketing. Some consumers that are not expecting your email may mark it as spam, potentially increasing your overall risk of being spam filtered out of future correspondence.

In addition, most mass email services charge based on the number of e-mails being sent. If you are looking for the highest engagement and ROI, having a list of 5,000 consumers receiving emails where 1,000 engage, your return is far better than having 50,000 consumers with 2,000 actively engaging.

Ultimately, if you collect consumer information and are regulated by any privacy law, the best practice to prevent noncompliance is to require consumers to expressly opt-in PRIOR TO the entry point of data collection.