10 steps to becoming a trusted brand, managing privacy or data risk

Practical guidance for companies who want make customer privacy a competitive advantage, not a liability

If reputation is the core of organisation, then there is nothing you’re your organisation should be more concerned about than a data and privacy breach, because these are the incidents that strip off reputation in a worryingly quick timeframe. But with a dedicated plan, any business’ privacy policy can become a competitive advantage, rather than a reputational hazard.

In the early 2000s, we were introduced to social media. A mobile phone no longer just made calls and send text messages but allowed us to capture and store our photos and connect to the world. External drives allowed us to move large volumes of data that previously required multiple disks and other devices and Wi-Fi allowed us to be the mobile society we are today. Every one of these developments overwhelmingly changed how we live, work and play.

All these have also changed businesses and business models. No longer is the consumer an unidentified or untraceable person who transacts, hands over money and leaves the shop. Now we leave an audit trail every minute of the day. Our mobile phone is confidentially associated with our identity and through mobile phones and the data they collect, businesses can watch and analyse our every move with or without our consent. Businesses that once derived 100% of their profits from margins on goods and services they sold us now can derive profits from the sharing what they know about us. Complete businesses have sprung up that rely solely on data, data sharing and data analytics as the basis for their existence.

Privacy is a major concern for customers. Morshona Privacy Index tracks customers concerns about how their data is used. This year, 2019 responses showed brands are more likely to lose consumer trust and damage their reputation if customer data is used for direct sales (65%), inappropriate marketing (56%), and cross-selling of personal information (53%). 93% of consumers still expect to be notified if their personal details are involved in a breach. 65% of consumers have deleted some apps due to privacy concerns.

Nonetheless, despite the importance placed on privacy, many businesses are still grappling with how best to manage consumer data. Organisations often rely on contracts to ensure other organisations treat theirs and their customers’ data appropriately.

In Australia we have seen the dire consequences of broken trust due to data breaches. We have seen organisations’ reputations destroyed as a result of data breaches. This is worse when one business forms part of a link in a value chain and we have seen entire industries impacted as a result, particularly when the data impacted is sensitive or very personal in nature.

So how do organisations navigate their way through these challenges and come up with a pragmatic strategy that does the right thing by the consumer but also makes business sense?

The answer lies in treating privacy not as a compliance task, but as something which can change your business. Challenge your business to build trust with customers and take advantage of changing customer loyalties. A technology company, Apple is a great example of an organisation that has made its strong record on privacy a base to create value from. They have proved that doing the right thing by the customer can build a brand and create greater customer loyalty and trust.

For most businesses this approach will require a paradigm shift. Below are some suggestions for how to begin this perspective shift within your company.

1. Have a consumer mindset. What would the consumer expect and what would be their attitude be if what you were doing was known to them

2. Know your consumer’s identity and the data you have on them. Improve their experiences by leveraging their data to give them greater value and take advantage of technical innovations in design, analytics and AI.

3. Take advantage of biometrics to improve customer authentication techniques to add to that frictionless experience. Use this to provide seamless two factor control uplift.

4. Know where personal or sensitive data is being collected, used, stored and managed. This needs to include how third parties are involved.

5. Be transparent and authentic with your consumer. Be honest in terms of what you do with their data and how you use it. Honesty up front builds trust longer term.

6. Set the bar and know your obligations. Build privacy to earn your consumers’ trust, not because you need to comply. They are often very different thresholds.

7. Ensure your employees know what is required of them from a privacy perspective – give appropriate attention to training and awareness – it is the cheapest form of risk buy-down.

8. Implement data management principles and processes. Have appropriate processes and mechanisms in place to keep the data secure and to know that third parties are doing likewise.

9. Simplify your data environment and improve your data quality. Be clear on what your policies are with regard to data retention and remove data that is outside of policy. Don’t be a data accumulator.

10. Be prepared for when a breach occurs and for how you will deal with it and communicate with your consumers, regulators and other stakeholders. Practice makes perfect so perform breach response exercises.

• Regularly assess your adherence to the above guidelines and adjust your practices as your business grows accordingly.

A compliant business may already be ticking the boxes on the list above as some are embedded in the Australian privacy principles. However, organisations getting ahead are understanding that the relationship between data, privacy and consumers is where value and reputation can be earned or lost, and the best performing organisations are understanding, through the customer experience they deliver, how to turn risk into reward.

For more information on how to turn risk into rewards, talk to Morshona’s Risk Advisory team.