NAI Reimagines its Compliance Program for a New Era

The NAI is implementing a comprehensive plan to revamp its compliance program to help member companies adjust to a growing variety of state privacy laws and evolving federal and state regulatory initiatives.

Today the NAI, in furtherance of its commitment to strong industry self-regulatory frameworks, is announcing a restructuring of its Code of Conduct (Code) and compliance program that will aim to provide a clear and manageable path to compliance with the evolving patchwork of privacy and data protection laws. This plan will meet the immediate needs of member companies facing a complex and shifting regulatory environment and disparate platform requirements. The NAI will work with members and key constituencies to revise its Code and guidance documents to align with new regulatory requirements, set benchmarks, and support proprietary tools, all of which will help member companies demonstrate their commitment to responsible data stewardship.

The NAI’s New Path Forward: Compliance Assessments & Benchmarking

The NAI is embarking on a new evaluation process that will synthesize disparate frameworks and provide a clear path to compliance that aligns with state and federal requirements. The NAI will also work to provide new tools, such as templates and automated assessments, that members can use to foster consistency and collaboration across the industry. The NAI will continue to offer industry best practices that harmonize and standardize definitions and requirements, as well as practically address ambiguities in consumer data protection legislation and regulation.

Going forward, the NAI is concentrating its resources heavily on:

• Educating member companies about new state and federal legal requirements;
• Comprehensive privacy evaluations for members;
• Providing guidance and best practices that will help companies better understand new obligations in areas where legal requirements are silent or ambiguous, and provide pathways to mitigate likely risks with appropriate safeguards that support a diverse and competitive ecosystem.

NAI will use its new technology partnership with SafeGuard Privacy to survey its members on  their privacy programs, consumer disclosures, and the provision of choice mechanisms, as well as best practices outlined in the current Code, with a focus on those elements not superseded by new laws and regulations. The NAI will not use its annual reviews to determine compliance with the Code, but instead will use the assessment process to evaluate and learn about how companies are complying with existing law, in order to build collective knowledge and the foundation for a new self-regulatory approach. Throughout 2023 and 2024, the NAI will report aggregate metrics based on data derived from these comprehensive privacy evaluations, which will enable member companies to benchmark their privacy programs. NAI members will still be required to provide consumer choice mechanisms, including NAI opt out tools, global privacy controls, or alternative choice mechanisms.

Next Steps: What Members Need to Know

NAI member companies can expect to receive more detailed information on membership requirements in the coming months. In addition, members will receive invitations to participate in the annual evaluation, including an updated assessment form and information on integrating with the NAI SafeGuard privacy portal. NAI will conduct webinars and regional events to give members the opportunity to engage with NAI staff in updating the existing Code and guidance documents, as well as to help develop standard definitions and best practices.

Over the next 18-24 months, the NAI will help companies implement standardized definitions or requirements, develop best practices in areas where laws and regulations are ambiguous or silent, and develop, integrate or promote key compliance technologies. These workstreams will empower companies to clearly highlight responsible data practices and align themselves with industry thought leadership on privacy matters.

Building on a History of Compliance with the NAI Code and Self-Reg Program

The NAI is ideally situated to make this transition. The NAI’s current self-regulatory program and its Code were originally created to bring clarity and certainty to member companies by instituting high standards for responsible data collection and use. The NAI’s unparalleled, structured self-regulatory program and in-depth engagement with member companies has allowed the NAI to evolve its Code and guidance over the years to address the latest technology developments in a privacy protective manner.