December 19, 2019

Promise and Deliver on Your Customers’ Data Privacy Concerns

JT Sison

Over the past decade, technological advancement has given rise to an unprecedented era of data abundance. Living in what is referred to as the “NOW Economy,” which is one of instant interaction and individualized experiences, customers expect organizations to meet their needs immediately. Therefore, organizations should not be waiting for privacy regulations to ensure they are protecting themselves and their customers.

Prevent Data Breaches

According to a Ping Identity survey, highlighted in Security Magazine, approximately 78 percent of consumers would cut ties with brands that experience a data breach. A data leak is a costly affair for any organization. A report by ForgeRock concludes that last year cyberattacks exposed 2.8 billion consumer data records and cost US organizations over $654 billion. It is no wonder that 60 percent of consumers don’t feel comfortable when businesses share their data.

As data breaches are on the rise and the public outcry for data privacy has grown louder, governments have started taking the initiative to give citizens control of their Personal Information (PI). Last year, the EU General Data Protection Regulation (GDPR) went into effect (following four years of preparation and debate). In the US, the California Consumer Privacy Act (CCPA) is slated to become effective January 1, 2020, and Congress is considering what a national data privacy law might look like. This trend has grown and will continue to grow globally across many countries.

Address Customer Privacy Concerns

A recent PwC survey revealed a mere 25 percent of consumers believe businesses handle their sensitive personal data responsibly, and only 12 percent of consumers trust businesses more than they did a year ago. There are certain brand implications when customers no longer trust businesses with their personal data. Individuals want transparency, control, and assurance that their data is in safe hands.

Common Privacy Concerns

  • Is it safe to share my data online?
  • Where is my data being stored?
  • How are data breaches being prevented?
  • Is my data being shared and/or sold to third parties?
  • How accurate are responses to data access requests (DSARs/SRRs)?
  • How often are privacy policies reviewed/updated?
  • Does the organization comply with global data privacy laws?
  • How long does the organization keep my data?

Your Customers’ Privacy is Not Negotiable

It is time for organizations to change their mindset when it comes to the collection and management of sensitive data. New global regulations are a great opportunity for organizations to show their customers that they can be trusted to use sensitive data in a legitimate way and for beneficial purposes. For example, customer data, when protected, can be used in analytics to improve products and find new markets, for digital identity verification, fraud prevention, and improving the speed of transactions, to name a few. The onus is on organizations to understand, acknowledge, and act on their consumers’ top data privacy concerns.

A Privacy Organization Builds Trust

Building an internal privacy organization, appointing a qualified Chief Privacy Officer, and creating a data privacy policy are more important than ever before. Organizations should always make their privacy policy public and notify customers of any changes to the practices the organization follows and manages.

A comprehensive privacy policy should document what data is collected, where and how it moves through the organization (internally and through third parties), why it is being collected, and how it is used and protected. Building a functional privacy framework is easier than most people think once we walk them through the thought process, which includes:

  • Scan: Know which sensitive data elements/identities exist
  • Scale: Plan ahead/scale to petabytes of data
  • Type: Sensitive data can be found in structured, unstructured, and semi-structured formats
  • Location: PI can be just about anywhere (on premises, Cloud, SaaS)
  • Governance: Apply governance to remediate personal identity gaps, both inside and outside of the organization, and always consider new repositories
  • Rights Requests: Ensure compliance on the right to erasure (when applicable)
  • Automate: Generate Data Subject Access Requests (DSAR) reports that can be delivered without unnecessary cycles
  • Risk Controls: Ensure protection of sensitive data with masking/encryption

It’s time for organizations to revisit their data protection and privacy practices. Safeguarding sensitive data has many benefits, including reducing financial risks and building your brand’s reputation and trust with customers. The bottom line is that customers want control over their personal data, and organizations that embrace these data privacy concerns are far more likely to be trusted and build a loyal customer base.

Safeguard sensitive and personal data with the help of PK Protect. Request a free demo now.
