Data Privacy Metrics: Questions From Our Webinar
May 31, 2023
In the last few months alone, dozens of reported data breaches have already occurred.
Which is why, more than ever, a brand’s focus on consumer data privacy is paramount.
The good news: Companies are paying closer attention to how they handle and protect user data, but many are doing it solely to stay compliant with privacy regulations like the General Data Protection Regulation or the California Privacy Rights Act (GDPR and CPRA, respectively).
In fact, a 2023 report by the International Association of Privacy Professionals (IAPP) found that 35% of companies primarily protect user privacy to stay compliant with regulations. Certainly no shame in that, but other findings from the same report suggest companies should also be protecting privacy for additional, more profound reasons. Arguably the biggest? Consumer trust.
IAPP posits that more than 80% of consumers affected by a data breach would stop engaging with a brand following a cyberattack. This translates to loss of loyalty and, worse, lack of trust.
But if a company does endure a breach, how would it regain customer trust?
A brand that’s trusted from the get-go would enjoy higher chances of salvaging customer trust. So, if something should go wrong (like a breach), customers would be more likely to trust that the brand will fix it.
Typically, this applies to companies that place a deep focus on user privacy from the jump. Not only are those companies less likely to experience a breach, but they also have greater consumer trust—ideally, even in the face of a breach.
But for brands that were either late to the data privacy party or haven’t RSVPed to the invite, regaining consumer trust after a breach can be an uphill battle.
Ten years ago, when protecting consumer data had little to no regulation (and was certainly less of a business priority), household brands like Target felt the sting. In 2013, the retail company experienced a massive data breach—the largest retail breach in U.S. history—that affected millions of customers.
At first, the brand poorly handled the breach (it took them 16 days to notice it and another four to tell its customers). But Target righted itself quickly thereafter and, arguably, has made a complete recovery in terms of regaining customer trust.
Just months after the breach, Target shared a list of security and tech enhancements on its corporate site (see the 2014 list here). In it, the brand promised to enhance monitoring and logging, strengthen account security, and review and limit vendor access.
It helped, too, that Target already had a substantial base of loyal shoppers. What seems like simple touches—a user-friendly shopping experience, an appealing visual interior, and a deep sense of community—have kept consumers returning for years. Plus, regular attention to great customer service also likely contributes to strong shopper loyalty. In fact, in February 2023, the company announced a plan to invest upward of $5 billion for a greater guest experience. Even 10 years after its damning data breach, Target still looks for ways to rebuild trust (and establish it in the future).
Of course, in this new era of rigorous privacy regulations and a general desire to do better, companies can avoid disasters like the 2013 Target breach altogether. Especially if they look at data privacy in a particular light.
Consider viewing data protection much like the European Union does: as a basic human right.
Because we’ve long understood that people have a right to privacy, the existence of more data—particularly sensitive data like social security and healthcare information—may put individuals at risk, whether from being unlawfully profiled, discriminated against, or even subject to implicit bias.
For this reason, thinking about the types of data you need (and why you need it) before collection can help minimize risk if, in fact, a data breach occurs. Plus, it fosters greater respect for an individual’s rights, as well as their privacy from unnecessary and intrusive questions.
And because privacy in general is already recognized as a human right in much of the world (see article 12 in the United Nations’ Universal Declaration of Human Rights), suggesting the same for data privacy isn’t a stretch.
Thus, data protection laws like the GDPR or CPRA aim to support the public’s privacy, but in the digital age. As user data becomes just as vulnerable as it is prevalent, viewing data privacy as a human right is a necessary approach.
Unsurprisingly, it also generates greater consumer trust. Especially when 87% of consumers consider data privacy a human right. Bottom line: If your business places real value on data protection and privacy—and sees it, too, as a human right—consumer trust will come.
Additionally, privacy expectations vary across markets, but those variances and gaps are closing; individuals want to have equal privacy rights, regardless of where they’re based.
Thus, companies should take a principles-based approach to privacy by asking the following:
In thinking about your company’s own approach to privacy and how to build trust with it, the solution is simple: Be as transparent as possible about the policy you provide, how it handles consumer data, and your plans for aligning with data protection regulations as they evolve.
Consumers really do appreciate it. According to the IAPP report, 64% of consumers said companies that provided clear info about privacy policies enhanced their trust.
Consumers would much rather hear a less-than-desirable answer—“We don’t support that right now, but we’re working on it”—than an inaccuracy or fallacy about your policy.
Ask yourself: Is it easy to navigate? Does it have clear sections? Is it stylish? Perhaps it seems superficial, but not having those things provokes questions in consumers’ minds: How much time did a company spend on this? Have they taken the time and thought to design it?
Finally, engaging with your community about changes to your policy or regulation changes that may affect it helps nurture consumer trust. Knowing your community and your audience especially helps be proactive about anticipated changes.
The good news is that businesses are starting to realize how much their reputation hinges on having a robust data privacy presence. The IAPP report suggests 20% of companies protect consumer privacy to improve how consumers see them.
Rachael Ormiston is the Head of Privacy at Osano. With over 15 years of professional experience, she has deep domain expertise in Global Privacy, Cybersecurity, and Crisis and Incident Response. Rachael is an IAPP FIP and has previously served on the IAPP CIPM Exam Development board. She has a personal interest in privacy risk issues associated with emerging technologies.