Attention to data privacy has skyrocketed in recent years. You only have to look at google trends to see that data privacy is increasingly on people’s minds.
But what does this mean for your customers? Besides growing awareness, what do they actually think about data privacy and what are the implications for how you manage their information? We’ve summarised some of the key trends below.
People view privacy as a fundamental human right. The UN Declaration of Human Rights recognises privacy as one the basic human rights that should be provided to everyone, and this is reflected in people’s expectations. A KPMG survey of North Americans found that the overwhelming majority (87%) agreed that data privacy is not only important but also a human right.
Consumers are growingly concerned and increasingly aware of the potential for data breaches and privacy invasions. Major privacy violations (e.g. Cambridge Analytica, Edward Snowden) and a steady stream of data breaches, such as those at Uber, Twitter, and Medibank have brought privacy to the centre of our attention. Bad news has been hard to avoid. As a result, 86% of consumers describe privacy as a ‘growing concern’ (KPMG). It is not surprising that many of us worry about whether the information we share online will remain safe, if it is just Alexa listening to us, and how much of a threat has already been unleashed with AI.
Consumers are in support of growing privacy legislation but their awareness about the nature of protection remains low. There has been a growth in regulation, such as GDPR, CCPA and CPRA, with privacy legislation in over 100 countries and more on the way. Consumers are broadly supportive of legislation, with over 60% (Cisco) agreeing that it has a positive impact, yet awareness of the specific protections remains low. Cisco found only 43% of people are aware of the national laws in their country, with awareness slightly higher in the UK, France and Germany (~50%) where GDPR laws have been in place since 2018, while awareness in Australia remains particularly low (23%).
The negative impact of a poor privacy experience is almost as severe as that from a data breach. Research from Google and Ipsos found that the damage to brand trust following a poor privacy experience (-35%), such as forced acceptance of cookies to browse a website, was almost as severe as the harm felt from a data breach (-44%). Privacy and protection therefore both need to be treated with high importance to avoid the risk of damage to your brand reputation.
Customers are willing to take action to protect their privacy, including voting with their wallets. Cisco’s 2022 Consumer Privacy Survey and Data Grail both found that ~75% of consumers would not buy from a company, including their favourite retailers, if they do not trust them with their data. Furthermore, consumers are willing to switch in the event of a negative experience: more than one in five customers have already stopped using a company following a data incident (Thales Group).
Privacy concerns are greater amongst younger generations, meaning that the importance of protecting privacy will only increase over time. Gen Z and Millennials consistently demonstrate higher expectations around managing their privacy and they are more willing to shop around based on how much they trust providers (Data Grail, McKinsey). This indicates that privacy will become a more influential purchasing factor over time as the population ages.
Organisations in the social media, entertainment and government sectors will have to work harder to win the trust of their customers as not all industries are trusted equally. Finance and healthcare organisations were most trusted by consumers to handle their data, according to both McKinsey and Thales Group, while organisations in social media, entertainment and government sectors were typically least trusted.
Cultural nuances shape views on privacy, resulting in different perceptions of risk and need for control. Research from Google and Ipsos demonstrated that customers based in the US, UK, France and Australia perceive higher risks from sharing their information and exhibit a strong need for control over their data. These cultures are typically viewed as individualistic (rather than collective) and therefore less trusting, while they also exhibit greater uncertainty avoidance. The Nordic countries, which are classified as collective, were the opposite: customers perceive low risk from sharing information and exhibited a low need for control.
Compliance is no longer enough, customers expect transparency. Cisco research demonstrated that customers rank transparency as the most important factor for building trust, which was twice as important as compliance (which ranked in second place for importance). Customers want organisations to be explicit about when and how their information is being used.
Consumers feel a lack of control over their privacy, which further erodes trust. Nearly half of consumers do not feel in control of their data, as it is too hard to determine what companies are doing with their information (Cisco), and over a third of consumers feel overwhelmed about managing their privacy (Data Grail).
More customers will actively manage their data as they wish to be in control. Cisco found that nearly one in four customers have already exercised their rights for data subject access requests (Cisco). However, Google and Ipsos found that 67% of consumers want to control the data that they share, which indicates that we can expect more consumers to exert control over their information through DSAR requests in the near future.
With privacy awareness growing businesses should aim to address the declining consumer trust in how their data is handled. The lack of trust represents both a challenge and also an opportunity to differentiate where most businesses are currently failing.
How can you address consumer privacy needs and declining trust?
1. Minimise the collection of personal data.
Holding personal information is a risk to both the organisation and the individual in the event of a data incident. Reducing the amount of information limits the likelihood and scale of harm.
- Only collect data where a legitimate business purpose has been identified
- Erase data as soon as this purpose has been fulfilled and any legal obligation for retention has expired
2. Ensure data is protected throughout the entire lifecycle.
Once trust has been damaged it is difficult to restore. Therefore, build protection and privacy into your development practices from day one to prevent harm to your reputation.
- Encrypt all sensitive data
- Use data anonymisation and aggregation wherever possible
- Implement strict identity and access management (including tracking)
3. Don’t mistake compliance for transparency.
While compliance is necessary, it is no longer sufficient to meet customer needs. Customers want to be informed.
- Implement transparent privacy policies with clear language
- Clearly communicate what data is collected, when, and for what purposes
- In the event of a breach, communicate openly and quickly with all customers
4. Make customers feel in control.
Data management requests are now part of customer service. Be prepared to handle them and treat them as an opportunity to differentiate through providing better service than competitors.
- Clearly seek consent before collecting any data while minimising the impact to customer experience
- Enable customers to easily revise consent over time
If you would like to learn more about what we are building at Onqlave to help protect sensitive data, follow our updates via LinkedIn, sign up to our newsletter or feel free to get in touch with any of our team.