By Anette Bergendorff, Sr. Industry Consultant at Teradata
In today’s age of constant data breaches and privacy ethics violations, companies are rethinking how they approach privacy.
What if privacy was used as a way to differentiate from competitors and create a business advantage? What if privacy-focused marketing and business practices were the next big disrupter? Historically, businesses have gained competitive advantage by understanding market dynamics and targeting the right customer segments with the right offerings.
This is now table stakes. In the future, competitive advantage will be achieved by having a clear understanding of what data a company is actually going to need. Not having access to the right data on customers and citizens will put businesses at a critical disadvantage in an ever-competing market, and ultimately erode customer trust.
Companies need a full and working overview of the flow of their personal data, end-to-end. Understanding and being compliant with privacy regulations relies on knowledge of where private data is held, how it is secured, who has access to it, when and where it moves and who is using it for what. For any business that wants to hold or process privileged information, proving that they aren’t vulnerable to potential privacy breaches is essential.
Compliance allows companies to operate. Customers allow them to exist.
Now more than ever a new deal for the ethical management of data is needed, creating a new balance and social contract between organisations and individuals. Personal information should be for personal use, while public data, sensor data and/or aggregated and encrypted data can be leveraged for other, important purposes.
This is fair and, if done right, will not harm strong, sustainable business models. Instead, those organisations that are prepared and treat their customers’ and citizens’ data ethically, will recognise clear-cut benefits; consumers will be more likely to trust an organisation that looks after their personal data.
Most companies have had ongoing data privacy programmes for some time. The outcome of a data privacy project is not only to meet the regulators requirements but to meet customers’ expectations about security and privacy of their personal data so that they are willing to continue doing business with you.
Three events that could make customers leave are lack of transparency, breach of their personal data and if they’ve had the creep factor – ‘don’t look into my world, just provide me the service or product I’ve signed up for.’ The days of ‘collect all the data we can, lets figure out a use for it later’ are over. Roughly 57% of consumers will stop doing business with a company that has broken their trust. About 66% view their own personal data as valuable and nearly 50% are willing to share it with companies in exchange for some form of value.
Privacy regulations are not a novelty. They’ve been around for many years, implemented in the majority of European countries since early 90s, in Australia since 1988 and in many Asian countries since the beginning of 2010.
The more recent one that has come into effect, the California Consumer Privacy Act (CCPA), was highly inspired by the European GDPR (General Data Protection Regulation), which is also the most well-known data privacy regulation. GDPR is the European Union deciding that there shouldn’t be 28 different sets of regulations, but one coherent regulation protecting every citizen no matter where they live within the EU.
Large personal data breaches by Yahoo, Facebook, Equifax, British Airways, Marriott and Dell hastened the requirement for a new modernized privacy regulation. Australia also had significant breaches reported to OAIC (Office of the Australian Information Commissioner) under the Notifiable Data Breaches Scheme, with increasing numbers every year and upwards of 3,400 from January 2018-January 2019 alone. Four percent of these breaches were due to system fault, 62% were malicious or a criminal attack and 34% were the cause of human error.
The key theme and objective of these global regulations is to empower individuals, strengthen the security and privacy of their data and drive a higher standard of data accountability. They give citizens the right to know and decide how their personal data is being used, stored, transferred and deleted. The benefits of a data accountability framework from an organisational point of view are to protect customers, employees, executives and to improve data management to enhance commercial opportunities.
Corporations and governments need to have their ‘house in order,’ as expressed by several privacy commissioners, and take responsibility for their customers’ and citizens’ personal data. Information management and data governance should not be regarded a baseline requirement – but as a mitigating strategy to prevent privacy breaches and loss of customer and market trust.
To give an example, the Chief Privacy Officer of one of the world’s largest producers of electronic devices, has required the organisation to not only be compliant by designing their mobile phones according to the privacy by design and data minimisation sections of the privacy regulation, but to develop and deliver any product or service with ‘privacy by default’ in mind. This means privacy settings are to be pre-set for their customers when purchasing a new mobile phone, not the other way around.
Teradata’s Vantage platform helps companies and governments keep their house in order by gaining the right knowledge and insights about their customers’ and citizens’ personal data.
Paired with data governance, data lineage & impact service, ecosystem decoded and privacy & security consulting engagements, we enable your business to have a better understanding of the personal data it collects, uses and stores. To strengthen this support, Teradata partners with companies like Dataguise, Protegrity, Microfocus, Thales and ShieldIO to help our customers secure and protect personal data so they can keep the trust and ongoing business of their customers.
About Anette Bergendorff
Anette Bergendorff is a Sr. Industry Consultant at Teradata. She supports and inspires businesses to understand what they might not be doing with data today but will be wanting to do tomorrow. She believes that companies who manage data in an ethical and transparent way will be able to exceed customer expectations and grow revenue. Anette has 25 years of experience from the Insurance and Financial Services Industry working in areas of business architecture & development, information & data strategies, organisational design, business operations and change & transformation programs.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/