Let’s suppose for a moment your company was under audit for consumer data privacy protections. How would you perform?
This is, perhaps, less farfetched than you may imagine; think an accountability test or digital equivalent of a health and sanitation audit for a restaurant, a tax audit, or any other audit for regulatory compliance. While digital privacy regulations are hardly well defined today, efforts are already well underway across industry, government, and third party associations. From the FTC’s Report on Privacy & Security in the Internet of Things, to the Online Trust Alliance’s Honor Roll, to the Obama Administration’s Consumer Privacy Bill of Rights, there is considerable discussion, research, testing, even legal sanction taking place today.
So, this begs the question: how would your business fare in an audit addressing consumers’ top privacy concerns?
Yes, people still care about privacy
You might assume that just because your customers whiz through their registration processes or never read your privacy policy, they don’t care. Not so; the reality is that the majority of consumers express heightened concern around their digital privacy.
Remember, privacy isn’t exclusively the concern of the elderly or a non-factor for millennials. Privacy, or the desire of an individual or group to seclude themselves, information about themselves, and thereby express themselves selectively, is innately human.
Survey reveals tremendous gap between consumer concerns and business practices
In a survey of more than 2000 Americans conducted in June of 2015, Altimeter Group found that consumers are decidedly anxious about the manner and location in which companies are using (and selling) their data. Some 70-80% of respondents rated the following as very or extremely concerning.
- When and to whom my data is SOLD OR EXPOSED
- When, where, and how my data is STORED
- How PERSONALLY (individually) IDENTIFIABLE is my data
It isn’t just the ‘how’ of data use that concerns the American public, it’s also the where
Location-based services (and context) are an increasingly definitive part of the way companies engage their customers through the mobile and sensor-driven technologies that comprise the Internet of Things.
From public spaces to marketplaces, from the car to the body, this survey found that about half of all consumers are highly uncomfortable with companies using and selling data collected from any physical environment. Across the board, consumers are less comfortable with the selling of their data than its mere use; Some 45% of all respondents report they are “very or extremely uncomfortable” with companies using their data. Roughly 60% of all respondents report such heightened discomfort in the sharing/selling of their data.
Areas of greatest concern include the use and sales of data generated from, or associated with:
- The BODY (e.g. wearables, fitness trackers)
- The HOME (e.g. connected home products)
- In PUBLIC SPACES (e.g. parks, street crossings)
Consumers also prioritize explicit notification of the collection of their data in the home and public marketplaces, but at least of respondents report notification is ‘very or extremely important’ across all areas.
In addition to the desire to be notified, the survey also found consumers are interested in learning more about the use of their data— some 45% expressed this desire. Instead of sidestepping the topic, companies must realize this is an invitation for engagement.
Top digital privacy concerns highlight key gaps in business communications
Given the concerns outlined above, how much is your business doing to address these concerns? What sorts of safeguards (technical, infrastructural, legal), what sort of governance, and what mechanisms for communications do you have in place today?
- Are you communicating clearly and regularly about the use and sales of your customers’ data? How are you articulating ‘what’s in it for them’?
- Are you providing consumers any educational materials to aid in their awareness, understanding, consent, or protection?
- How are you notifying your customers when leveraging sensors to inform engagement with them? (Yes, that includes sensors embedded in mobile devices)
- What protocols do you have in place today in terms of data storage (e.g. data minimization, access, expiration and sustainability)? How are you communicating this internally and externally?
- How are you managing these needs (and risks) with third party organizations that are buying or accessing this data? How are you communicating this?
- What guardrails, accountability, and communications protocols are in place in the event of a breach or some other event compromising your customers’ data?
These are just a few of the critical questions businesses must be asking as, increasingly, they rely on data for monetization and innovation of new products and services. Companies collecting, using, monetizing, and storing data— fast becoming the de facto for any business— can no longer afford to ignore the issue of data privacy.
It’s time for a sober assessment of both consumers’ concerns around the use of their data, and what companies are doing to address such concerns. How would your company fare against these criteria?