The COVID-19 pandemic compelled businesses to shift to a primarily remote, work-from-home business model almost overnight, hastening digital transformation and forcing businesses to navigate previously uncharted ethical and legal waters regarding obligations related to the collection, storage, and use of personal data.
This fast transition has put both business and personal data at jeopardy, compared to before COVID.
As businesses responded to the evolving privacy regulatory landscape and the heightened public scrutiny that accompanied it, their ability to show and convey sufficient data security protections became increasingly important in gaining customer trust.
Every business has a strong interest in preserving and respecting its workers’ and customers’ privacy.
Failure to safeguard this type of sensitive information and to be honest about its collection, usage, protection, and retention may pose a serious existential danger to a company’s reputation and its bottom line.
Corporate reputations, like personal reputations, can take years to create but only minutes to destroy.
Cisco’s recent paper, Protecting Data Privacy During the Pandemic and Beyond, aimed to uncover the top issues concerning personal data during the pandemic.
Nearly a third of respondents (31%) were afraid that their information would be used for unrelated reasons, and one in four were anxious that their information would be shared too widely with third parties. Almost a quarter (24%) of respondents were concerned that their data would not be erased or anonymized once it was no longer required for its original purpose.
This evidenced the importance of transparency in the use of personal data obtained.
Just under half of those polled did not believe they could sufficiently protect their personal data, which is telling.
The most common reason stated by 79 percent of respondents was a lack of understanding of what firms were doing with their data. It is difficult—if not impossible—to establish trust when there is a lack of transparency between a business and its customers.
Risk professionals should not underestimate the critical importance of these findings. Many in the industry have a false sense of security, assuming that customers are not engaged or active enough to change their spending habits in response to data misuse. This mindset, while it may be reassuring, does not hold up to more modern trends. Businesses cannot wait until after a data scandal to tighten their data protection practices. By that time, their reputation as trustworthy custodians will already be in tatters and customers will have taken their business elsewhere.
By getting ahead of the issue and building privacy into defined processes, companies can not only avoid potential future crises from springing up, but also demonstrate that they are aware of the importance of privacy and trust, they are aware that this matters to consumers, and be willing to do something about it. Customers do pay attention to these issues and being proactive and responsive to privacy issues will help keep your reputation and bottom line intact.
Respecting Privacy and Protecting Personal Data
Protecting data does not need to be complicated. Indeed, a simpler approach exists whereby employees at every level can easily follow and is likely to be far more effective. The following four tenets capture the spirit of respectful and intelligent data handling:
- Know what makes data personal. The definition of personal data is broad and applies to any information relating to an identified or identifiable natural person. It is nearly impossible to protect personal data without knowing what it is.
- Start with why. There must be a clear and lawful business purpose for collecting personal data. If you cannot credibly provide this reason, do not collect it. Also, access to personal data does not mean you can use it for any purpose. Its use must be limited to the original purpose for which it was collected—this is a fundamental pillar of creating and maintaining trust.
- If you collect It, protect it. If you collect personal data, it is imperative to ensure that appropriate security controls are implemented to keep it safe from inappropriate or unauthorized access.
- Security does not mean privacy. While it is possible to have security without privacy, it is impossible to have privacy without security. Privacy is about handling personal data ethically and responsibly. This is why security is an integral part of ensuring that transparency of privacy practices can be achieved.
All employees can play a role in protecting and respecting the privacy of customers, prospects, partners, and visitors, and identifying practices that do not support this important mission. On an individual level, the simple (yet effective) message to convey to employees is “if you see something, say something.” Companies should promote a culture of responsible data use with C-Suite support and without fear of reprisals for pointing out practices that do not align with building consumer trust.
Organizations that demonstrate responsible and transparent practices in the handling and protection of customer, partner, and employee data can differentiate themselves from competitors and maintain a competitive advantage in the market, while creating a relationship of trust. Without this trust, customers will not reap the rewards and benefits of secure and innovative technologies and companies that do not engage in responsible data collection and use will be hindered from bring innovative and pro-competitive products to market