Posted: 01 Oct. 2019 05 min. read

10 steps to becoming a trusted brand

Practical guidance for organisations who want make customer privacy a competitive advantage, not a liability

If reputation is the bedrock of business, then there is nothing that business should be more concerned about than a data or privacy breach, because these are the incidents that shred reputation in a scarily quick timeframe. But with a dedicated plan, any organisation’s privacy policy can become a competitive advantage, rather than a reputational minefield. 

In the first decade of the 2000s, we were introduced to social media. A phone no longer just made calls but allowed us to capture and store our photos and connect to work. USBs allowed us to move large volumes of data that previously required multiple disks and other devices and Wi-Fi – invented in Australia – allowed us to be the mobile society we are today. Every one of these developments profoundly changed how we live, work and play.

They have also profoundly changed businesses and business models. No longer is the customer an unknown or untraceable person who transacts, hands over money and leaves the shop. Now we leave a discoverable trail every minute of the day. Our phone is intimately associated with our identity and through phones and the data they collect, companies can watch and analyse our every move with or without our consent. Businesses that once derived 100% of their profits from margins on goods and services they sold us now can derive profits from the sharing what they know about us. Whole businesses have sprung up that rely solely on data, data sharing and data analytics as the basis for their existence.

Privacy is a major concern for consumers. The Deloitte Privacy Index tracks consumer concerns about how their data is used. 2018 and 19 responses showed brands are more likely to lose consumer trust and damage their reputation if customer data is used for direct sales (68%), inappropriate marketing (58%), and cross-selling of personal information (54%). 90% of consumers still expect to be notified if their personal details are involved in a breach. 63% of consumers have deleted apps due to privacy concerns.

However, despite the importance placed on privacy, many organisations are still grappling with how best to manage consumer data. Organisations often rely on contracts to ensure other organisations treat theirs and their customers’ data appropriately. 

In Australia we have seen the dire consequences of broken trust due to data breaches. We have seen organisations’ reputations destroyed as a result of data breaches. This is worse when one company forms part of a link in a value chain and we have seen whole industries impacted as a result, particularly when the data impacted is sensitive or very personal in nature. 

So how do organisations navigate their way through these challenges and come up with a pragmatic strategy that does the right thing by the customer but also makes business sense?

The answer lies in treating privacy not as a compliance task, but as something which can transform your business. Challenge your business to build trust with customers and take advantage of changing customer loyalties. Apple is a great example of an organisation that has made its strong record on privacy a base to create value from. They have proved that doing the right thing by the customer can build a brand and create greater customer loyalty and trust. 

For most organisations this approach will require a change in mindset. Below are some suggestions for how to begin this perspective shift within your organisation. 

  • Have a customer mindset. What would the customer expect and what would be their attitude be if what you were doing was known to them
  • Know your customers’ identity and the data you have on them. Improve their experiences by leveraging their data to give them greater value and take advantage of technical innovations in design, analytics and AI.
  • Take advantage of biometrics to improve customer authentication techniques to add to that frictionless experience. Use this to provide seamless two factor control uplift. 
  • Know where personal or sensitive data is being collected, used, stored and managed. This needs to include how  third parties are involved. 
  • Be transparent and authentic with your customer. Be honest in terms of what you do with their data and how you use it. Honesty up front builds trust longer term. 
  • Set the bar and know your obligations. Build privacy to earn your consumers’ trust, not because you need to comply. They are often very different thresholds.
  • Ensure your staff know what is required of them from a privacy perspective – give appropriate attention to training and awareness – it is the cheapest form of risk buy-down.
  • Implement data management principles and processes. Have appropriate processes and mechanisms in place to keep the data secure and to know that third parties are doing likewise. 
  • Simplify your data environment and improve your data quality. Be clear on what your policies are with regard to data retention and remove data that is outside of policy. Don’t be a data hoarder.
  • Be prepared for when a breach occurs and for how you will deal with it and communicate with your customers, regulators and other stakeholders. Practice makes perfect so perform breach response exercises.
  • Regularly assess your adherence to the above guidelines and adjust your practices as your business grows accordingly.

A compliant company may already be ticking the boxes on the list above as some are embedded in the Australian privacy principles. However, organisations getting ahead are understanding that the relationship between data, privacy and consumers is where value and reputation can be earned or lost, and the best performing organisations are understanding, through the customer experience they deliver, how to turn risk into reward. 

For more information on how to turn risk into rewards, talk to Deloitte’s Risk Advisory team.



Meet our author

Tommy Viljoen

Tommy Viljoen

Partner, Risk Advisory

Tommy leads the cyber risk services strategy and governance team based in Sydney and has over 30 years’ experience in information technology, IT risk and cyber security governance across a broad range of industries. He helps organisations with the development and implementation of cyber risk strategies and solutions, including, information security management systems, cyber threat management programs, cyber monitoring solutions, cloud solutions, third party strategies and secure by design solutions.