While most high profile customer data breaches involve security lapses, another type of breach is beginning to attract attention.
Data ethics breaches occur when organisations abuse the data they are responsible for, either by sharing it with third parties without permission, storing it in systems with lower security than promised, or by using the data for commercial gain without their customers’ consent.
Today’s data savvy consumer is becoming more aware of the value of their digital identity and of the subtle contracts they enter into when completing website registrations and accepting cookies.
According to a recent survey commissioned by Informatica, 72% of consumers in the UK are concerned about the protection of information they have shared with organisations online.
A further 56% said they intended to revoke access to their data and would share less information with organisations in the future.
The conflict between the data protection promised to customers and the legal and practical reality of what is delivered is a crucial one. A data ethics breach, regardless of the rhyme or reason, has the potential to damage a brand in the same way a data security breach would.
Content seriesView full content series
Data processors face increasingly tough challenges when it comes to maintaining digital trust. An average consumer’s digital identity consists of millions of data points generated while buying, banking, downloading, sharing and registering via online services.
These are all activities we happily participate in on a daily basis and the information we leave behind in the process is hugely important, and requires protection as it is a goldmine of customer insights for businesses.
This data, if leveraged, forms a picture of an individual’s interests and purchasing behaviour that can be used by businesses to further their commercial objectives.
There are several crucial steps businesses can take to establish a relationship of digital trust with their customers. The first and most critical is asking permission to record personal information and communicate through digital channels.
Without taking this step, any use of data or contact with the customer can feel invasive and may ultimately be unwelcome, potentially causing irreparable damage to the new relationship.
At the point of consent, businesses have to be transparent about how and when they intend to record data and going forward, they must adhere to this agreement, using customers’ personal and behavioural information only for the purposes originally stated.
To that end, if a business wants to change the way it processes data, by sharing it with a third party for example, they must ask permission beforehand.
Finally, businesses must respect individuals’ requests to stop using their information.
In order to foster trust, businesses should make a public commitment to a code of data ethics and take full responsibility for any breaches of this code.
A business that breaches widely practised data ethics conventions or ignores their own code of data ethics runs the same reputational risk as if their digital security was compromised.
Whether done wilfully or in error, a business that publishes, shares or uses data beyond the remit originally agreed to by the customer risks losing that customer’s digital trust and may end up losing the customer altogether.
With new data protection legislation from the EU set to shake up the way businesses across the continent manage and use customers’ information, attitudes and practices need to improve now in order to avoid significant disruption when the regulations come into force.
Any business that processes personal information belonging to individuals must commit to a company-wide data ethics code, thereafter the code has to be communicated and policed at employee level.
Instances of companies breaching digital trust are actually very rare. Breaches typically occur when an individual or team inadvertently departs from a company’s data ethics code by recording, sharing or publishing customer information beyond the remit that it was gathered under.
Employees who have access to customer data must be familiar with the company’s data ethics code and receive training in the appropriate use of the data they handle.
This should be an ongoing process that forms part of staff performance measurements and data ethics training should take place at least once a year.
As well as having the ethical impetus to manage data responsibly, businesses also need to have the right technology in place to support their endeavours.
This year’s Experian Data Quality study found that though 79% of organisations believe customer data will motivate most sales decisions by 2020, 90% of them do not have a sophisticated solution to managing data effectively.
Companies in all industries and regions are experimenting with and benefiting from digital transformation.
Whether it’s in the way individuals work and collaborate, the way business processes are executed within and across organisational boundaries, or the way companies understand and serve customers, digital technology provides a wealth of opportunity and it is crucial that data ethics and digital trust are not forgotten in the rush to adapt.
But customers must take some responsibility too.
They must learn to protect their digital identities with the same rigour they would their passports, birth certificates, driving licences and other physical forms of identification, sharing their personal information only with reputable companies.
They need to familiarise themselves with their legal rights as to the ownership of their personal information and take the time to read companies’ terms and conditions for data use rather than accepting them without hesitation.
Michael is the founder and Chief Executive Officer of Striata. Striata’s Secure eDocument Delivery and Email Bill Presentment & Payment (EBPP) deliver a rapid reduction in operational costs, quicker payments and an enhanced customer experience.
Starting in Michael’s garage, Striata has grown to a global company with offices on 5 continents and customers across the world.
Michael is a pioneer of the internet industry. He has spoken at numerous conferences on the use of email as a business tool and customer communication method. Michael is a past winner of the “Direct Marketer of the Year” by the DMA.
Before the formation of Striata in 1999, Michael was the managing director of VWV Interactive. Michael began his working career with PricewaterhouseCoopers where he became a principal manager in the Consulting & Assurance Services (CAS) and was responsible for both Internet Strategy & Services and Business Information Services.
Michael is a Chartered Accountant. He is a founding member and past Chairman of the Audit Bureau of Internet Standards (ABIS) and an executive and chapter founder of First Tuesday.
Michael is now one of the world’s foremost experts on eBilling adoption tools and techniques. He routinely consults and speaks on driving paperless process in large organisations.