If reputation is the bedrock of business, then there is nothing that business should be more concerned about than a data or privacy breach, because these are the incidents that shred reputation in a scarily quick timeframe. But with a dedicated plan, any organisation’s privacy policy can become a competitive advantage, rather than a reputational minefield.
In the first decade of the 2000s, we were introduced to social media. A phone no longer just made calls but allowed us to capture and store our photos and connect to work. USBs allowed us to move large volumes of data that previously required multiple disks and other devices and Wi-Fi – invented in Australia – allowed us to be the mobile society we are today. Every one of these developments profoundly changed how we live, work and play.
They have also profoundly changed businesses and business models. No longer is the customer an unknown or untraceable person who transacts, hands over money and leaves the shop. Now we leave a discoverable trail every minute of the day. Our phone is intimately associated with our identity and through phones and the data they collect, companies can watch and analyse our every move with or without our consent. Businesses that once derived 100% of their profits from margins on goods and services they sold us now can derive profits from the sharing what they know about us. Whole businesses have sprung up that rely solely on data, data sharing and data analytics as the basis for their existence.
Privacy is a major concern for consumers. The Deloitte Privacy Index tracks consumer concerns about how their data is used. 2018 and 19 responses showed brands are more likely to lose consumer trust and damage their reputation if customer data is used for direct sales (68%), inappropriate marketing (58%), and cross-selling of personal information (54%). 90% of consumers still expect to be notified if their personal details are involved in a breach. 63% of consumers have deleted apps due to privacy concerns.
However, despite the importance placed on privacy, many organisations are still grappling with how best to manage consumer data. Organisations often rely on contracts to ensure other organisations treat theirs and their customers’ data appropriately.
In Australia we have seen the dire consequences of broken trust due to data breaches. We have seen organisations’ reputations destroyed as a result of data breaches. This is worse when one company forms part of a link in a value chain and we have seen whole industries impacted as a result, particularly when the data impacted is sensitive or very personal in nature.
So how do organisations navigate their way through these challenges and come up with a pragmatic strategy that does the right thing by the customer but also makes business sense?
The answer lies in treating privacy not as a compliance task, but as something which can transform your business. Challenge your business to build trust with customers and take advantage of changing customer loyalties. Apple is a great example of an organisation that has made its strong record on privacy a base to create value from. They have proved that doing the right thing by the customer can build a brand and create greater customer loyalty and trust.
For most organisations this approach will require a change in mindset. Below are some suggestions for how to begin this perspective shift within your organisation.
A compliant company may already be ticking the boxes on the list above as some are embedded in the Australian privacy principles. However, organisations getting ahead are understanding that the relationship between data, privacy and consumers is where value and reputation can be earned or lost, and the best performing organisations are understanding, through the customer experience they deliver, how to turn risk into reward.
For more information on how to turn risk into rewards, talk to Deloitte’s Risk Advisory team.
Tommy leads the cyber risk services strategy and governance team based in Sydney and has over 30 years’ experience in information technology, IT risk and cyber security governance across a broad range of industries. He helps organisations with the development and implementation of cyber risk strategies and solutions, including, information security management systems, cyber threat management programs, cyber monitoring solutions, cloud solutions, third party strategies and secure by design solutions.