Home Data Privacy Roundup SafeGuard Privacy’s MSCA Tool Aims To Simplify The Chaos Of Compliance

SafeGuard Privacy’s MSCA Tool Aims To Simplify The Chaos Of Compliance

SHARE:
Comic: Swamped

Privacy lawyers and ad tech folks often don’t speak the same language. But at least now they’ve got an acronym in common: MSCA.

It stands for “Multistate Substantial Compliance Assessment,” and it’s a new tool developed by privacy compliance startup SafeGuard Privacy that businesses can use to do vendor due diligence and manage their compliance with multiple comprehensive state privacy laws.

And we’re up to a whopping 19 state privacy laws in the US now. Or is it 20?

Who’s counting?

The number of state privacy laws is oddly difficult to count.

A few days ago, I chatted with Richy Glassberg, the CEO and co-founder of SafeGuard Privacy, to get more information about the MSCA.

He was in the midst of explaining that the new MSCA questionnaire takes a “high bar” approach, meaning it uses the strictest standards from different state privacy laws as the basis for its assessment questions.

That way, companies can meet their compliance requirements without having to do a separate assessment for each state. “Trying to do that would be really difficult,” Glassberg said, “but it also becomes kind of unnecessary as we see more and more overlap between the laws.”

“We’ve gone from over 2,000 questions to under 200,” he told me, referring to the MSCA, “so now you can do due diligence on your partners with one assessment which covers all 19 US states that have comprehensive data privacy laws, and –”

I cut him off. “Wait, Richy. Aren’t there 20 state privacy laws in the US?”

He paused. I paused. We didn’t know.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

He told me he’d ask a lawyer friend and get back to me later, which he did. And guess what? There’s no concrete answer! 😂

For example, does Nevada’s rather flimsy privacy law count as comprehensive? Should Washington’s My Health My Data Act be on the list? It’s strict, but it only focuses on health data. Florida has a data privacy law – but it only covers business with over $1 billion in annual global revenue that also derive at least 50% of their revenue from selling online ads, which excludes a lot of companies.

The point is this: It’s chaotic and confusing out there when we can’t even agree on how many privacy laws there are in the US!

Overdue diligence

Navigating this complex legal landscape is a big challenge, and it’ll only get tougher as more US states pass data privacy laws.

The MSCA, which is part of the IAB Diligence Platform, took roughly eight months to develop, according to Glassberg, but it’ll be a much faster process to add new laws to the assessment, because the construct is already in place.

“We’ve mapped out all the obligations and, truth is, most new states pretty much follow what others have done,” he said. “And if they don’t, we can highlight those obligations differently.”

Some “high bar” questions apply to all businesses, such as one about a company’s policies and procedures for granting a request to delete. Other questions can simply be left off the assessment depending on the business.

If a company doesn’t touch health-related data or children’s information, for example, there’s no need to waste time asking them detailed questions about how they handle it.

Businesses that use the platform get notifications whenever there’s an update to regulations, a vendor changes its practices or anything else happens that requires action.

Using the MSCA, Glassberg estimates that businesses can reduce the amount of time they spend managing their own compliance and assessing third-party partner liability from weeks to around a day or two.

But the time savings aside, it’s high time – actually, it’s past overdue – for businesses to check themselves before they wreck themselves, regardless of the compliance technology they decide to use.

“The reality is that, COPPA aside, we’d been living in a mostly unregulated environment,” Glassberg said. “But now we’re operating in a heavily regulated industry – it’s a different world, and people need to wake up.”

🙏 Thanks for reading! And please take a moment to watch the best ad of all time. It’s a bona fide classic that privacy professionals can no doubt relate to. As always, feel free to drop me a line at allison@adexchanger.com with any comments or feedback.

🎟️ In other news, it’s time to get your tickets to Programmatic IO: Innovate, May 19-21 in Las Vegas. We’ve got lots of good stuff on the agenda, including a session with Daniel Goldberg, a partner at Frankfurt Kurnit, on how to recognize red flags when companies are promoting their supposedly “fully privacy safe” or “100% CCPA compliant” solutions. See you there!

Must Read

Peppa Pig

The Media And Retail Deals Behind The Peppa Pig Franchise Expansion

Peppa Pig is everywhere. Whether or not you have children, you likely know the little girl pig from the kid’s cartoon show. But the Peppa media franchise is just getting started.

Critics Say The Trade Desk Is Forcing Kokai Adoption, But Apparently It’s Up To Agencies

Is TTD forcing agencies to adopt the new Kokai interface despite claims they can still use the interface of their choice? Here’s what we were able to find out.

Why Big Brand Price Increases Will Flatten Ad Budgets

Product prices and marketing budgets are flip sides of the same coin. But the phase-in effects of tariffs, combined with vicissitudes of global weather and commodity production, challenge that truism.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

The IAB Tech Lab Isn’t Pulling Any Punches In The Fight Against AI Scraping

IAB Tech Lab CEO Anthony Katsur didn’t mince his words when declaring unauthorized generative AI scraping of publisher content “theft, full stop.”

Comic: Gamechanger (Google lost the DOJ's search antitrust case)

Here’s Who’s Testifying During The Remedy Phase Of Google’s Ad Tech Antitrust Trial

Last week, the DOJ and Google filed their respective witness lists and the exhibit lists for the remedy phase of the ad tech antitrust trial. Lots of familiar faces!

MX8 Labs Launches With A Plan To Speed Up The Survey-Based Research Biz

What’s the point of a market research survey that could take weeks, when consumer sentiment is rollercoasting up and down every day? That’s the problem MX8 Labs aims to tackle.