The world is changing when it comes to data privacy. In Australia, the Notifiable Data Breaches scheme is barely a month old. In Europe, the EU General Data Protection Regulation (GDPR) comes into effect next month. As the public, and the media, focus on where customer data ends up, what does it all mean for business?
Consumers are taking a closer look at just what information companies have on them and it’s often more information than they otherwise assumed. Whilst users consent to data collection by agreeing to company terms and conditions, they often do so without understanding the implications.
There are a number of reasons why businesses should be concerned when it comes to the misuse of customer data or breaches.
The PR fallout from using customer data for purposes customers did not believe they had signed up for can be immense, culminating in lost users, stock price plunges, regulatory action or lawsuits. If that weren’t worrying enough, PwC studies have confirmed that customers do not take kindly to breaches of their data, and they will take their business elsewhere.
For companies that collect customer data in some form or another, how they use it and who they share it with can be a minefield. How many businesses are allowing third-party access to customer data in order to improve or even run their product? In many ways, doing so is essential, particularly to companies who want to scale but are not, nor should be, experts in every area of their supply chain.
Avoiding the use of third parties to implement business imperatives is not possible. Yet using them opens businesses up to breaches of trust (at the very least) that may not come about from breaking the rules of a collection policy, but instead from going against the public’s perception of what the rules’ intentions should be.
Unfortunately, there is no easy way to simply protect customer data. Regulation is one option. The GDPR and Notifiable Data Breaches scheme are two such initiatives to protect citizens when it comes to their data privacy.
In the United States, however, such privacy laws are often nebulous, dependent upon state laws and context. Elsewhere in the world privacy laws are often non-existent.
Much of this argument revolves around the idea of informed consent. Can a customer be expected to understand the legalese that pops up (often in the hundreds of pages) when clicking accept to access an online service?
It’s a question that hasn’t yet been answered, but clearly, when it comes to apps using information for purposes that customers think are outside the realm of their service, there is a fine line between what they believe is acceptable and what isn’t.
For a business then, even adhering to regulation may not provide complete coverage.
It should go without saying, but companies need to prioritise their cyber security and data privacy. This is a matter of business strategy, given the implications, and shouldn’t be thought of as simply an IT box to be checked. That security needs to be built on proven tactics and transparently communicated to customers to ease their concerns.
Trust can only be built with time and action. Particularly given new data laws, customers need to be able to access the data that you keep on them, and be able to control how it is used.
Regulation is not the be-all and end-all, and many companies that end up in the headlines have not broken any laws, or willfully deceived customers – after all, customers will often sign up to a service and willingly part with their data to do so. This doesn’t mean they necessarily understand the extent of that contract. While legally, this might protect the business, perceptions matter and customers can still vote with their feet to go elsewhere.
Importantly, businesses need to put themselves in the shoes of their customers. Understanding how they feel is a big part of being able to plan ahead, negate any issues and build goodwill that will be necessary in the event of a breach.
There’s no question that in the world we live in, businesses need data in order to thrive. Data informs business decisions, product development, optimisation and marketing. Sometimes, that data needs to be shared with third parties in order to do business.
People are willing to part with a certain amount of data in order to get a better customer experience, but this isn’t an unlimited honey pot.
To cement trust and engage with consumers on a deeper level, businesses need to be transparent about where and how that data is being used. This includes who is using it, how it is being protected, and notifying customers if changes are made or, if disaster strikes, if breaches occur.
For further suggestions on data protection and background information into how customers will react to the misuse or breach of data, visit our Consumer Intelligence Series report, Protect.me.