Our lives are tangled up in the
internet. It’s difficult to go an hour, much less a day, without firing off an
email, reading the news, or scrolling through social media. These exchanges are
made possible by the “Internet of Things” (IoT) — a universe of connected technology
which includes mobile phones, computers, wearables, and other “smart” devices. Forecasts
indicate that this universe will expand to around 29 billion connected devices
an 81% increase compared to 2016.
IoT devices have dramatically increased the volume of data generated each day. Today, our accumulated digital universe of data is 4.4 zettabytes. By next year, this number is expected to multiply ten times, reaching 44 zettabytes, the equivalent to 44,000,000,000,000 gigabytes. If numbers make your head spin, brace yourself – this infographic from Raconteur shows “A day in data.”
We are living in the digital age. Technology
has enabled rapid communication and increased productivity, but it’s also
changing the way we live. Your digital activity is a fingerprint – an
expression of identity formed by your Google history, Bumble profile, and
Netflix queue. While your entertainment or purchase history may not feel
immensely personal, you may feel more sensitive about your financial or medical
How companies use data
Data is used in a myriad of ways. Companies can improve their products and services with it, but they can also share it with business partners or sell it to third parties. As Louise Matsakis explains in the Wired Guide to Your Personal Data (and Who is Using It), sometimes consumers benefit from data collection (think: improved Spotify recommendations) but other times, data is mined and sold to the consumer’s detriment (think: telemarketers). Even details like How you Type, Swipe, and Tap are being put to use. Big data has tremendous commercial value – in 2018, U.S. companies spent nearly $19.2B on data for advertising and marketing efforts.[ii]
Cue the TED Pros and Cons of Digital Life playlist which explores how hyper-connectivity is “rewiring our personal lives.” In their TED Talk video, “What your smart devices know (and share) about you”, journalists Kashmir Hill and Surya Mattu tap into that sneaking suspicion we all have – that our favorite devices are collecting and sharing our personal data. Kashmir and Surya conducted a 2-month experiment where they installed 18 connected home devices and monitored how often they relay data to external parties. The journalists found the devices were in constant contact, including one device which shared data every 3 minutes. Surprised? They were. Their reaction points to an underlying social issue that many users don’t know what data is being collected or what it’s being used for.
Consumers are increasingly aware of security risks related to personal data. In 2018, the Identity Theft Resource Center tracked 1,244 U.S. data breaches which exposed over 446 million records of personally identifiable consumer information, a 126% leap from the prior year[iii]. Just this month, Capitol One’s data breach exposed 140,000 U.S. Social Security numbers and 80,000 bank account numbers. Despite their best efforts, leading companies are challenged by the volume and variety of cyber threats. We depend on technology more than ever and companies are struggling to protect it — a fact that’s fueling unease and distrust. As early as 2014, a Pew Research Center survey on social media captured this sentiment, “[Americans] are anxious about all the personal information that is collected and shared, and the security of their data”.
In 2016, the European Parliament
acknowledged that legacy privacy regulation lacked the provisions to protect
citizens in our modern, digital economy. In 2018, the E.U. General Data
Protection Regulation (GDPR) went into effect, requiring business to protect
privacy in new ways. These
include obtaining consent before using customer data, providing consumers the
“right to access” the personal data collected, and explaining what personal
data is used for. Importantly, GDPR applies to all companies processing and
holding the personal data of people living in the European Union, regardless of
where the company is located. The shift is happening across the globe with
forthcoming regulations in California,
In this new landscape, companies must take a proactive approach or pay the
price. In January 2019, the French data protection authority fined Google
50M euros for breaching GDPR with a “lack of transparency, inadequate
information, and lack of valid consent regarding ad personalization.”
Why Companies Should Tackle
Fast forward to 2019. Privacy has
rocketed to the top of the corporate responsibility priority list. Stakeholders
are taking notice — companies who lag on privacy are exposing themselves to
reputational, financial, competitive, and regulatory risk.
Governments are regulating privacy to protect consumers
Investors are concerned with privacy and security risks due, in part, to financial impacts. The average breach costs $3.92M [iv] in regulatory fines, remediation costs, and lost business
Business partners recognize their success depends on the ability to share and protect sensitive information
Customers want to know what data is collected and how it’s used. They want their data secured with best available technology and proactive management
Customers are tuning in to data privacy issues and companies who ignore their needs risk losing business. Compliance is the bare minimum and may not be enough to retain customer trust. Only 25% of consumers feel most companies handle their sensitive personal data responsibly and only 10% feel they have complete control over their personal information[v].
According to Pew Center research, Americans understand that by providing information to companies, they may receive something of value in return. Additionally, their perception of company trustworthiness, influences willingness to share personal data[vi]. This means customers are open to sharing data, provided they understand the benefits and believe the company has strong privacy practices.
It’s early days for digital Privacy,
but the practice of building and maintaining trust is well-trodden CSR ground.
Building on a foundation of compliance, companies should develop strong privacy
policies and the clearest possible communications to explain them to their
customers. The current norm of ticking “I agree” to a long legal document, does
nothing to build customer trust or provide informed choices.
A strategic communications approach
to inform, educate, and empower customers is needed. To resonate, a company’s
privacy communications should be in alignment with company values and address
customer concerns. Communications tailored to customer needs are a natural next
step for corporate privacy programs.