Skip to main content

How consumers can make businesses accountable for their data

(Image credit: Shutterstock / carlos castilla)

As consumers become increasingly aware of online security risks, they hold businesses responsible for data breaches. In today’s current digital ecosystem, companies have access to the majority of consumer data in addition to their activities.

Some companies are open about the data they store, but most choose to keep their consumers out of the know. It is also common for companies to collect personal data that does not have a particular use because they may need it later.

The current scenario

Studies have revealed that consumers are more willing to share their data with a company they already know and trust to protect their information. Like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), regulations are in place to ensure that companies are accountable. These make sure that consumers have the right to delete, transfer, and request a copy of their data at any time.

According to statistics, 35 percent of American households have had a data security problem such as identity and data theft or a computer virus. Also, only 10 percent of consumers believe that companies can handle their data responsibly, and 69 percent think that companies are vulnerable to cyberattacks.

In today’s current state, consumers are less trusting of companies that have access to their data. It is up to the company to ensure that data is secure from any cyberattack.

Therefore, companies need to build strategies around “when” a breach should occur, rather than “if” it will. 

This is increasingly important as hackers keep getting better at what they do and are often ahead of the security systems put in place. Because of this, companies need to focus on securing all the items within their perimeter rather than just securing the perimeter itself.

The impact of a data breach on consumer and business

Data breaches have a massive impact on the relationship between consumers and businesses. Consumers will have a hard time trusting the organization after a data breach and may become more aware of the security risks of allowing companies to store their data.

State of businesses and trustworthiness

Trust is key for businesses. 89 percent of consumers state that they won’t do business with a company if they have any concern or mistrust about its security. When companies experience data breaches, it only enhances this mistrust further.

In the same PWC study, 87 percent of consumers said they would use another company to properly handle their data if they do not trust a company, especially if it is prone to data breaches. Consumers find it challenging to keep their data safe and have to trust companies to keep it safe for them.

However, businesses think that trust is growing as 55 percent said that confidence in their technology continues to grow. This statistic is much greater than the mere 21 percent of consumers who believe that trust is growing. These figures show a divide between businesses and consumers.

Consumers and security

As secure as a system is, consumers will know that you are still susceptible to breaches. Statistics show that only 83 percent will stop doing business with a company with a security breach. 21 percent of those consumers claim they will never return to that company. The others would only stop for a few months while they see how the company recovers.

These statistics show that it is about how the company responds to a situation that determines how the consumers will react. Consumers are more likely to stay with a company that works quickly and efficiently. They are also more likely to choose companies that have sophisticated security protocols in place.

How organizations should keep their consumers

Declare privacy and security a core value

When you declare privacy and security as one of your core values, you show your consumers that you value their data. Customers are more likely to trust companies that value privacy and security. They can rest easy knowing that their data is of importance to you.

Declaring privacy and security as a core value also means that consumers can hold you to it when a possible breach happens. You need to follow through on the promises you make to keep their trust in the company.

Choose privacy and security by design

This is all about weaving privacy and security regulations throughout the entire organization. When choosing privacy and security by design, you ensure that you comply with the data regulations put into place by your government.

It is vital to remember Steve Jobs’ wisdom here. He once said, “Design is a funny word. Some people think design means just how something looks. But, of course, if you dig deeper, it’s how it really works.”

You need to design and deliver security to your customers in every way possible. It should never be an afterthought, but you should design your systems with security features in place.

Privacy and security by design mean that you consider every aspect of your organization and ensure that everything is safe and secure. This is the best way to provide optimal security for your company.

Ensuring that you embed security throughout your organization also allows you to comply with the GDPR.

There are seven principles to privacy by design:

  • Proactive, not reactive
  • Privacy as the default
  • Privacy embedded in the design
  • Full functionality
  • End-to-end security
  • Visibility and transparency
  • Respect for user privacy

These seven principles are all critical to securing your data and ensuring consumer trust in your company. Organizations that follow these principles will see trust and brand reputation grow.

Prove to consumers that you respect them

Respect is a two-way street, which means that you have to show your consumers that you respect them and their privacy.

An excellent way to show that you respect them is to acknowledge your mistakes and keep your promises. This indicates that you value them as more than just customers. You should also make your consumers feel special so that they know they are more than just a number in the system.

Another way to show consumers that you respect them is to treat them the way you would want to be treated. Think of how you would like a company to treat you and apply that to your consumer approach.

For example, would you want to be kept in the dark about how the company uses your data? Or perhaps how the company secures your data? No, you would like to know exactly how they store, share, and use your personal data.

Act quickly and transparently

According to an ABA Banking Journal study, 70 percent of consumers expect transparency and honesty with their data. When companies are more transparent with their security and data breaches, consumers are more likely to trust them.

That is why you must act quickly and transparently when a breach does occur. For the average business, data breaches can cost up to $3.92 million. As such, you need to respond to anything that may occur efficiently. Further to this, you should reveal any information about the breach to your customers.

Consumers also want to know how their data is being collected, used, and protected. To ensure your consumers’ trust, you should be transparent about your cybersecurity measures. Organizations need to continuously update their consumers on their security and provide options to opt-out of data collection.

A greater focus on sensitive data management

Incorporating people, process, and technology, sensitive data management focuses on data discovery, security governance, and protection. Sensitive data management is a strategy about knowing where your data is, what information is at risk, who can access this data, and how to protect it.

Most businesses incorporate these seven steps into their sensitive data management practices:

  1. Define what is considered sensitive information.
  2. Know where the sensitive data is and who can access it.
  3. Classify data in terms of importance.
  4. Identify who owns the data.
  5. Govern the accountability of data owners.
  6. Determine if data is necessary and if it poses a risk.
  7. Eliminate data as soon as it is obsolete.

The future of businesses and trust

According to the PWC report, 36 percent of consumers are less comfortable sharing their data and information with companies. This means that the competitive advantage would be to build and maintain consumer trust.

Businesses need to build trust between themselves and consumers to ensure that they do not take their business elsewhere. This is why transparency is the most important position a company can take, especially after a security breach. 

In a nutshell

Consumers are becoming increasingly aware of online security risks, which means that organizations need to be more alert regarding cyberattacks and breaches.

Modern consumers value convenience and expect businesses to provide this. With threats of consumers taking legal action on organizations and implementing regulations that protect the consumer, companies must educate consumers about how they protect their data.

Remember that cybersecurity, especially when it comes to personal data, is vital for today’s consumers. Companies have to build a sturdy data security plan that is continually tested and adapted to become industry leaders and build trust with consumers.

Rakesh Soni, CEO, LoginRadius (opens in new tab)

Rakesh Soni is CEO of LoginRadius, a leading provider of cloud-based digital identity solutions. The LoginRadius Identity Platform serves over 3,000 businesses and secures one billion digital identities worldwide. LoginRadius has been named as an industry leader in the customer identity and access management space by Gartner, Forrester, KuppingerCole, and Computer Weekly.