If privacy is not a key component of your product, brand, and customer experience, it should be.
From national and international data privacy rules like HIPAA and GDPR to localized state initiatives like California's CPRA, there are numerous sets of laws that organizations find they need to follow. But organizations tend to exclusively focus on the legal and financial implications of these laws, such as what information they are allowed to get from consumers, what the law allows them to do with this information, and what the financial consequences of a breach are. To be fair, it is easy to get caught up in what it takes to comply with HIPAA or GDPR, as well as evaluating the average cost of a breach.
But getting your data privacy approach correct goes far beyond what is legal, with many people actively demanding access to their data in ways that go far beyond compliance. Today, Data Privacy should be an integral part of your product and your brand.
We all know from Business 101 that people will primarily buy due to price, product, or relationship. The smartest brands out there do not try to merely sell a product, they strive to build relationships. And just like personal relationships, trust is the foundation that leads to their long-term success or failure. Many people see their digital footprint as extensions of themselves, and therefore perceive how businesses treat their personal data as how that business will treat them as individuals.
We know from surveys that nearly half of consumers will not purchase from a company that has mishandled consumer privacy, and nearly 90% of responders are only willing to share information with brands that they can trust. As you can see, there is a lot to lose by getting data privacy wrong.
Today's consumers are more aware of privacy and the ways that organizations can use their data. Don’t let the lack of a Federal Data Privacy law fool you: 81% of Americans feel that the risks they face from data collection by companies outweighs the benefits. The concept that individuals own their data is growing in popularity, leading to numerous states attempting to fill the federal vacuum by passing their own regulations. Now that we know that data privacy leads to greater trust, it's time to look at the ways your organization's approach to privacy can make or break your brand's trust.
How your brand engages in consumer privacy is no joke, as the direct price of these violations are often quite steep. HIPAA violations have long been costly. More recently, the EU's GDPR has become a force to be reckoned with for companies that function using individual’s data. Since coming into effect in May 2018, the GDPR has been able to issue fines of up to 17.5 million or 4% of a company’s worldwide annual revenue - whichever is greater. These higher-tier fines can be issued if there is no breach, instead penalizing organizations for infringements on consent and rights to data privacy. Recently, Amazon was charged with a record breaking fine of $887 million for allegedly violating provisions of the GDPR.
Along with the financial and legal challenges, there is a real possibility that your poor data privacy compliance efforts can damage your brands' reputation, harming your ability to retain existing customers and attract new ones in the future.
Here are a few things that highlight how poor data privacy compliance can damage your brand:
Nearly three quarters of CMOs recognize that the worst consequence of a security breaches is lost brand value. News on breaches and compliance issues can travel rapidly through the internet, aided and abetted by news organizations who are only too eager to share bad news. In addition to the bad press, research has shown that most customers whose information was lost will share their bad experience with others. Then the issue is compounded by the consumers' habit of googling everything prior to buying, and you’re left with a reputational hit that no amount of PR can fix.
Third party organizations can put your brand at risk is they don’t take care of your customers' data. Always work to ensure that your partners and vendors respect your customers data, and you should take action to verify exactly what they are using that data for. Signing data processing agreements and Business Associate Agreements, as well as periodically “checking in” is critical to this, as surveys have shown that time and time again that consumers blame organizations, not hackers, for data breaches. If your partners mess up, you will be blamed for it.
Companies that ask for access to too much of users private data don’t just risk losing the information, with 40% of consumers likely to bounce from a website that asks for far too much personal information, according to research by Akamai.
Both the quantity of permission requests and the amount of information requested will hurt your brand's trustworthiness, as the sentiment of the prospect can shift from “what can this product do for me” to “what do they want from me”. Studies have shown that half of consumers are more likely to trust an organization that only asks for the minimum of data, and over one third will leave a company that asks for too much information. When it comes to asking for data, less is more.
Intrusive data requests are not the only thing that can irritate and drive potential customers from your brand. Aggressive ad retargeting practices and overt personalization methods can make users feel violated and harm their level of trust and engagement with your company.
While some may say there is no such thing as bad publicity, customers can become irritated if marketing efforts are too aggressive. What counts as invasive can vary from person to person, so it is important to regularly ask your customers what is too much - and then listen to the answers!
Most organizations think of data privacy as a compliance issue, a checklist that you have to periodically review to avoid the errors above or the fines of the regulatory agencies. But hidden in here is a competitive advantage: there is a real opportunity for brands to leverage their compliance programs to build trust, helping their customers feel as if their data is in safe hands.
Here is how companies can take advantage of this opportunity:
Show customers you care about their data and the steps you have taken to protect it. If your targets care about the privacy of their data, like most consumers today, take action to anticipate issues and make your achievements in privacy known. For example, we at accountable offer badges for organizations who have completed all the HIPAA Compliance requirements can place on their website. Additionally, allow access to the data you have collected and give them control over it is a great place to start.
Don’t tell people you’re trustworthy. Show them.
If you’re in the United States, don’t let the fact that there is no widespread GDPR style law in place prevent you from taking action. Research has shown that nearly all consumers by far prefer to buy from companies that proactively protect their data.
Don’t wait for a regulation to make its way through congress and the presidents' desk, take action now and proactively show that you take data privacy seriously. Run your business as if you already are under the jurisdiction of a law like the GDPR. Use this time to help set yourself apart as an organization that takes privacy seriously.
An easy way for businesses to build trust is to ask permission of your customers. For example, if you’re planning to run an email blast, ask customers if they would liek to receive promotions. Sure, you can entice them with information on your discounts or your promotions, but allow people the choice to opt in.
88% of consumers say their willingness to share personal data with an organization is based upon how much they trust that company. As their personal data grows more and more important to consumers, expect brands that demonstrate their commitment to data privacy to separate themselves from those that have not taken action. The trust earned from showing a commitment to their customer’s privacy will manifest itself in increased revenues.
A survey of Data Protection Officers, conducted by the UK Data Protection Index, reported that there had been a 66% increase in the number of Data Subject Access Requests received. While your organization may not technically be under the jurisdiction of laws like the GDPR or CPRA, you should recognize that not being able to provide consumers with their data upon request may result in them finding someone else to do their business with.
According to the Pew Research center, 70% of Americans believe their personal data is less secure now than it was in the past. Organizations that are transparent about what data they collect and what they will do with it have a major opportunity to earn consumer trust and therefore market share.
Don’t wait. Take steps to prove your commitment to data privacy today.