With the fast pace of online consumerism, companies must guarantee what they say in privacy policies is actually what they are doing when protecting the privacy of customer data.
After the recent flurry of data breaches, it is no wonder surveys like the one by GfK, a supplier of consumer and market information, recorded a major uptick in concern about online privacy. Almost half (49%) of the survey participants were "very concerned" about the privacy of their online data. The survey also found:
- 56% indicated that top organizations, such as social networks and credit-card companies need to take action.
- 54% believed the U.S. government is not doing enough to safeguard their data.
- 80% felt the government should implement regulations to prevent organizations from "repurposing personal data for third parties."
Reading privacy policies
During a recent phone conversation with Dana Simberkoff, attorney and senior vice-president of risk management and compliance for AvePoint, I asked if she thought consumers were reading privacy policies. Simberkoff said, "We don't read them. We avoid reading the lengthy, jargon-filled content so we can begin using the service we downloaded, bought, or installed."
Simberkoff's remark aligned with the GfK survey, which suggested it's business as usual for consumers: "Less than half (48%) of consumers are changing their online habits because of privacy fears." As Simberkoff and I continued talking, something became clear. There were at least four distinct "cause and effects" at play:
- Website owner's want to eliminate all possible liability, meaning privacy policies are loaded with legalese.
- Website privacy policies may not represent what the company is actually doing.
Start with the companies
I had to let that sink in. Even with a significant percentage of consumers being apathetic about losing their online privacy, it might come to pass that consumers say "enough is enough." How many Target customers affected by the recent data breach want to go through another episode like that? To prevent that from happening, Simberkoff offers some advice on how companies can improve customer trust.
Use software tools
Because of the high rate of data influx, most companies should look at software tools to help identify risks and provide real-time solutions when it comes to assessing customer data privacy. From experience, Simberkoff has learned that does not mean just any software. The software should have the following attributes:
Say it: After establishing information privacy policies to ensure the security of sensitive or regulated content; be sure your selected process is in accordance with U.S., international, and vertical-specific compliance regulations.
Do it: Determine the risk severity of the captured data using advanced risk calculators. Look for a software tool with options such as highlighting areas that violate the specified compliance standards or guidelines as well as providing multiple perspectives on potential risk.
Prove it: Prove policy compliance with ongoing monitoring, detailed reporting, and incident tracking. Effective tools produce detailed reports of preventative and corrective actions taken to ensure content is uploaded, stored, classified, and secured in accordance with information governance policies.
A note on how the GfK survey was conducted: The GfK poll, conducted in the wake of several considerable data breaches of major brands gauged the attitudes of US consumers. GfK conducted the survey from March 7 to March 9, 2014 among 1,000 respondents, all 18 or over.