“Privacy” and “data protection” are two defining topics of our zeitgeist. From recent high-profile hacks, leaks and abuses, to regulatory efforts like GDPR and the rise of AI, “data” is firmly at the forefront of our minds – both as an unparalleled opportunity and explosive danger. So, it makes sense that more businesses are weighing in on the conversation.
Thousands of companies are volunteering their approach to customer data; from how they collect and store it, to how they handle and protect it. But it’s no longer sufficient to just link to a 30-pager of dense legalese from you website footer; businesses are devoting whole landing pages, adverts and articles to lay out their policy and values. They are choosing to own the topic by crafting a narrative around customer privacy.
It doesn’t matter how you broach the data security topic; you just need to ensure you do – transparently and openly. Here’s why privacy by design is now central to a positive brand image, and why every company needs to talk about data.
Data collection is not the problem
As the world becomes increasingly digitized and connected, there are growing opportunities for collecting and using personal information. This in itself is not a bad thing. In fact, it offers the opportunity to do a lot of good; more data and better analytical tools allow us to solve tons of problems present in everyday life.
Beyond the blockbuster projects of self-driving cars and cancer screening, AI and big data holds huge promise for improving our lives on the small level. On the consumer side, sharing data can help you find the perfect place to live, hunt down your dream job, or track and improve your mental health. On the business side, by collecting more accurate data on how we work, tools like Deckard and Timely can help predict project timelines and show us how to use our time more effectively.
So, the collection of data itself is not the problem – and really, the way you use data to help customers should be your main company story. Instead, it’s the fear of misuse and mishandling of personal information that can undo your best intentions.
The draw of hacking
Let’s start with the basics: data is misused if it is employed for any purpose other than that which your users initially agreed to. Low-level misuse could be sending an email without consent, whilst a high-level misuse would likely come from a major data breach – stolen credit card details are a classic example of this; the financial benefits for fraudsters and detriment to the victims fairly clear-cut.
Perhaps less clear is the value of more mundane forms of hacked personal information, such as Facebook and Amazon accounts. After a major Facebook hack in 2018, the user profile data of users was sold for anywhere between $3 and $12 per account – which seems pretty trivial at first glance. Combine the value of these hacked accounts though, and the total was as much as $600 million.
With each of us possessing a seemingly endless number of online accounts, hacking provides big business for those willing to take the risk.
Why data is so valuable
You’re probably thinking, why are these account details even being purchased? Who cares about your Facebook profile? The first answer to this is that the log-in details and passwords from these accounts can act as a direct gateway to valuable forms of personal information. Scanned copies of IDs or financial documentation sent over Facebook Messenger or email could provide all the information required for identity theft.
Personal or business information could also be held for ransom by hackers. A recent hack in the UK claimed to have obtained footage of the victims watching adult content, and that these videos would be sent to every Facebook contact if a ransom was not paid.
Looking forward, the ways in which hacked information can be used will only increase. The Cambridge Analytica scandal offers an insight into how hacking can be used for micro-targeting. Though Cambridge Analytica did not hack per-se, they misused the data of 87 million Facebook accounts to build psychosocial profiles.
From this information, Cambridge Analytica sought to understand voters’ behaviour and micro-target them to influence their decisions in the 2016 US Presidential elections. As companies seek to further understand consumers, hacking for the purpose of profiling will only become more lucrative.
The growing legal response
This growth in data collection and major data breaches has led to a strong legislative reaction – with the EU’s GDPR being the most high-profile example of data protection regulation. Any company processing EU citizen data, even if they are located outside of the EU, has to abide by its stringent new protections.
In essence, this legislation requires that data collection is limited to that which is strictly necessary, and that appropriate levels of security are implemented. If breaches take place, administrative fines of up to 4% of annual global turnover, or €20 million can be imposed. So ensuring data is handled properly and is secure against breaches is crucial for avoiding costly fines.
The EU is not alone in its push for tighter protections. California, the home of Silicon Valley, also passed legislation on data privacy in 2018. It bound companies holding data on over 50,000 individuals to standards which are not too dissimilar to those of the GDPR.
In the wake of this legislation, it’s unsurprising that a debate over tighter nation-wide data protection standards is emerging in the US. Because of this, data protection legislation is likely to hold significance, regardless of the jurisdiction operated in.
How data impacts brand image
The tightening of data protection legislation hasn’t just emerged out of nowhere; it is the direct product of the erosion of customer trust in how organizations handle their data. People care about privacy and actively chose products and services based on this; research by KPMG highlighted that 55% of consumers have decided against buying something online due to privacy concerns.
What’s more, 59% of companies who have experienced a breach reported a moderate to strong long-term negative effect on their business. So while the large fines for data breaches may have grabbed the headlines, the longer-term damage to brand image could be even more damaging.
The increased scrutiny over data protection doesn’t necessarily pose a threat for businesses – it can actually be considered an opportunity. A Deloitte study demonstrated that 80% of consumers were more likely to purchase from a company they perceived as protecting their privacy.
Ethics and legal obligation aside, taking a clear stance on data handling, it seems, is now a highly effective marketing tactic. Apple’s success in incorporating privacy into its brand image demonstrates this clearly. Though the company has faced criticism for its recent lack of innovation, its commitment to privacy has allowed the company to carve out a USP and maintain a strong brand image.
Transparency always wins
Most companies can’t receive the same levels of publicity Apple gained in its high-profile court battle with the FBI over consumer privacy. But raising the topic of data security and understanding its importance is within every company’s grasp.
An enduring commitment to privacy offers huge opportunity for businesses, and shouldn’t require extra effort – in essence, you are just making the internal values and policies that govern your business practice accessible to the public. Remember that transparency is fundamental to building customer trust; showcasing the strength of your convictions towards privacy is a great place to start.