By using website you agree to our use of cookies as described in our cookie policy. Learn More

TDWI Upside - Where Data Means Business

Building Customer Trust in Your Data Policies

A customer’s trust in how you collect and use personal and business data can be a competitive advantage.

Although there has been little cross-border enforcement of data privacy laws, we have certainly seen the toll of consumer pressure on international businesses. According to McKinsey, 87 percent of consumers would not do business with a company if they had concerns about its security practices, and 71 percent said they would stop doing business with a company if it gave away their sensitive data without permission. Considering the recent rise in data breaches -- with a 141 percent increase in compromised records due to breaches in 2020 compared to 2019 -- the stakes are high for businesses when it comes to staying compliant. Keeping personal information safe and secure is ultimately a driving factor in cultivating customer trust.

For Further Reading:

How the Trust Gap Is Holding Back Data-Driven Decisions

Data Privacy in a Globally Competitive Reality

Trustworthy Data: The Goal of Data Quality and Governance

Trust is Not the Same as Compliance

Trust, as it relates to data, means that businesses should treat data privacy and compliance like any other corporate social responsibility pledge. Research reveals that almost three-quarters (71%) of U.S. consumers admit they rarely read data-sharing disclaimers. Although this leaves much room for businesses to take advantage of consumers, a good data steward would still prioritize consumer safety and privacy.

“Do my customers trust my business with their data?” is different from “Is my business GDPR compliant?” The first question is for business leaders to foster healthy relationships between their company and consumers. The second question only calls for organizations to look at the bare minimum precautions to put in place to avoid penalties and a PR nightmare.

Let’s look at a hypothetical example. Under the rules of the GDPR, businesses may collect and share data with third parties with appropriate consent that was freely given, specific, informed, and unambiguous. However, a business that wants to go the extra mile and strive towards building trust might offer simple, plain language disclosure for each event of data collection on their website rather than one blanket consent and disclosure process that’s subsequently hidden under a privacy policy link.

This additional effort need not be onerous or invasive. A short, understandable explanation of what you’re about to do with the data your customer has just entered can go a long way to eliminating any apprehension about customers providing their data and whether they believe you will “do the right thing” with it. A business that is only interested in securing and selling customer data might use lengthy text and confusing jargon so customers consent to data sharing without understanding their rights.

Meeting compliance regulations is a feat alone, especially for businesses with global consumers. Depending on where your customers are located, there are a vast array of laws to abide by, such as GDPR, CCPA, HIPAA, and many more. These rules were established by various governing bodies at the private, state, and national levels, and at various points in time. As data sharing evolves, so must the strategy to protect corresponding data. This is why businesses should look beyond compliance to take a forward-looking stance on safeguarding private information.

The Data Privacy Partnership Between Consumers and Companies

Every minute of the day, 5.7 million Google searches are conducted, 65,000 photos are shared on Instagram, consumers share $304,000 on Venmo, and $283,000 is spent in transactions on Amazon. This is just a microscopic look at the flood of consumer data.

Consumers do have a responsibility to themselves (and their dependents) to be wary of predatory data collectors and sellers. Willful ignorance and unnecessary risk should always be avoided; this includes not password-protecting sensitive information, enabling cookies without understanding what data may be saved, and indiscriminately trusting businesses to handle any and all data. We have all been guilty of poor data protection to some extent, but taking time to learn how data is processed, stored, and used should be an ongoing effort for every individual.

Although the responsibility of paying due diligence does lean on consumers to some extent, it is also important for companies to work with consumers as they develop a privacy framework. For example, organizations can commit to making it easy for consumers to understand data privacy policies by writing terms in clear and concise language and they can offer honest FAQ sheets to address how customer data is used. Businesses can also invest in data scanning and remediation software and hire third-party auditors to monitor data security within the organization.

Businesses will need to lead with integrity and transparency when communicating with customers why and how their data is being collected, what it is used for, and how that company plans to keep it safe and secure.

As 2022 progresses and companies continue to navigate the evolving data compliance landscape, they should not only prioritize data privacy but use it as a competitive advantage rather than consider it a box-ticking exercise.

About the Author

Stephen Cavey is the co-founder and chief evangelist at Ground Labs. He leads a global team empowering enterprise partners to discover, manage, and secure sensitive data across their organizations. He has deep security domain expertise with a focus on electronic payments and data security compliance. You can contact the author on LinkedIn and follow Ground Labs on Twitter.

TDWI Membership

Accelerate Your Projects,
and Your Career

TDWI Members have access to exclusive research reports, publications, communities and training.

Individual, Student, and Team memberships available.