Data privacy: Stepping up in an age of soaring customer expectations and compliance standards

Data privacy should be a serious and pressing concern for businesses and governments alike. It is already a major concern for customers, with 36% of individuals polled in a 2020 PWC study reporting that they are less comfortable sharing information now than a year ago. The same study also shows that 80% of Indian customers who participated wish there were more companies they could trust with their data.

A major reason for this mindset shift about privacy could be the pandemic-induced digital transition. The current need to avoid risk as well as a general desire for convenience has caused a meteoric rise in customers' demand for digital services. Today, we largely see our own friends and family opting for online grocery shopping, digital payments at physical stores, tele-medicine consultations, electronic signature apps, OTT platforms, virtual exercise sessions, e-gatherings, online psychology counseling, etc. In fact, Internet usage grew sharply in Indian cities in April 2020, touching 54 percent. Likewise, Internet traffic in Bangalore increased by 100 percent, according to NCBI data.

Other events in 2020 that put the spotlight on privacy for customers were the multiple reports about increased employee surveillance in remote work environments and the possibility of unchecked data capture by IoT-based smart home appliances. As their everyday interactions with digital services increase, customers are apprehensive about what information they are putting out on the web about themselves, who has access to the data, and how the concerned party handles it.

What can organisations do to become privacy-first businesses and retain customer trust?

• Understand what kind of personal data is collected about customers/prospects/partners/employees across departments. It's also important to stay aware of how much data is gathered and why it is needed. Businesses that already run a basic data governance framework that logs this information will find it easier to incorporate the privacy angle, such as identifying and cataloguing personal data, to begin with.
• Minimize personal data collection to reduce risk. Businesses that self-regulate and gather the bare minimum information required to fulfil business purposes (like outbound sales and similar outreach processes) enjoy a two-way benefit: customers do not feel hassled that too much information is requested and internal data management teams aren't overburdened by excessive data.
• Ask the data owners' permission while collecting sensitive information. A crystal clear consent is crucial in this age of AI-powered chatbots, big data analytics, and aggressive marketing strategies. Try putting customers through a tiered consent system that requests for fresh data upon transparent declaration of how it will be used. Equally important are straightforward, easily discoverable options for consent withdrawal and request for data deletion from organisation records.
• Protect both data at rest and in transit. For personal data to stay private, it has to be safe and protected at all times. While data security processes like end-to-end encryption enable a solid foundation, businesses can fortify personal data protection by including next-level processes like real-time data server monitoring and privileged access rights management practices. Regulations like the GDPR too mandate that organisations should be informed about who has what level of access to which PII storage locations.
• Reduce reliance on revenue gain through selling user data to data brokers or online advertising platforms. Ad-supported business models are currently facing criticism for their fundamental inability to ensure user privacy and could even cause a loyalty shift amid customers down the line. Offering users an option to opt-out of seeing ads is a good place to start.
• Write a customer-centric privacy policy that is simple, transparent, and accessible. Constantly communicating with customers about authentic policy changes and new practices is a great way to build confidence. Many global organisations already do this. Apple launching its mandatory privacy labels for apps in the App Store is a small but bold step towards claiming the privacy mantle; it also is proof that privacy-first brands will quickly become beacons of trust among customers. GitHub too recently did away with non-essential cookies on its platform to protect developer privacy. As for local developments, Reliance added support for DuckDuckGo (a privacy-conscious search engine) to its web browser JioPages, since it was one of the most requested features by its users.
• Train employees to uphold privacy. Businesses can deeply benefit from developing an internal privacy policy that outlines data usage instructions and conducting periodic educational workshops on the importance of privacy. If resource allocation budgets do not allow for legal counsel or exclusive data privacy teams, consider appointing existing employees across business functions as privacy assurance reps. For instance, requesting the partner relations team to carefully assess third-party vendors' data management practices for privacy risks or an engineering head to publish a developer manual for privacy-first software building.

Today, according to UNCTAD, 132 out of 194 countries in the world have some form of legislation in place to address data privacy and protection needs. Privacy watchdogs are working at warp speed as well, bringing renowned tech giants under public scrutiny to understand how the organisations handle their customer data. French data regulatory body CNIL recently fined Google $121m and Amazon $42m for breaching the country’s rules, which mandate consent collection from Internet users about trackers that were automatically saved on computers for advertising purposes.

Sooner or later, every business irrespective of size or industry will have to face increasing expectations to be transparent about their ways of working. Organisations that keep pace with the changing public mood and build a privacy program that's aligned with their daily operations, corporate policies, goals, and vision will be better equipped to maintain customer trust and loyalty in the coming years.

By Raju Vegesna, Chief Evangelist, Zoho Corp.