The phrase ‘data is the new oil’ highlights the huge value that has been placed on personal information in the modern, digitized world.
Rising internet usage has revolutionized how our personal data is used, with billions of people voluntarily sharing information about themselves on social media and other websites. People are also increasingly trusting businesses with their data, including payment details, to enjoy the benefits of the online world.
However, the growth of online data has raised numerous security and privacy issues. These include the real and persistent threat of personal details falling into the hands of malicious actors through data breaches.
Other concerns revolve around how legitimate organizations are using consumers’ data in ways they are not aware of or have not consented to. These include the creation of inferential data and data scraping, while the use of cookies and sharing customer data for advertisement purposes have also raised ethical and legal concerns.
In response to this landscape, a plethora of data privacy laws have been enacted across the globe, most famously, the EU’s General Data Protection Regulation (GDPR) in 2018.
These trends have undoubtedly changed people’s relationship with their personal data. But how have they affected consumers’ attitudes and behaviors online?
Changing Attitudes to Privacy
Sarah Pearce, partner at law firm Hunton Andrews Kurth, told Infosecurity that the GDPR and surging levels of data breaches have pushed security and privacy into the mainstream news, and consequently, public consciousness.
“There is certainly increased awareness around data privacy (and security); people now generally know what personal information/data is,” she noted.
This awareness is having real-world effects, with more consumers willing to stop using businesses and services that are not meeting expectations around privacy. An example of this is the decline in Facebook users in recent years, which is believed to be linked to privacy concerns about the firm.
Müge Fazlioglu, principal researcher at the International Association of Privacy Professionals (IAPP), said: “Consumers care more about their privacy than they have ever before. They are also more willing to take some kind of action (whether that is to delete an app from their phone, avoid a certain website, not make a particular purchase or switch service providers) if they feel that their privacy is not being protected by a company.”
It is clear that data privacy has become a key factor in the choices consumers make; however, the extent to which this plays a role depends on the type of consumer.
Speaking in an episode of the Infosecurity Magazine podcast, Valerie Lyons, COO and senior consultant at BH Consulting, broke down how attitudes around privacy are heavily influenced by age. Research shows that people are willing to trade privacy in return for certain benefits that vary according to their generation.
For instance, Lyons noted that people in their early 20s are more willing to trade aspects of their privacy for social benefits, with older consumers more likely to exchange their personal data for financial gain. The willingness for such trade-offs is referred to as a “pragmatic” approach to privacy and is often seen in respect of areas like online shopping.
By contrast, older generations, particularly those over 60, have high privacy concerns “and they’re very cagey and uncomfortable online,” she added.
Lyons caveated that online users’ attitudes differ according to the type of personal information, with people taking a much more “fundamentalist” view when it comes to financial and banking data. However, there tends to be a more relaxed attitude when it comes to activities such as browsing online, which she labelled as “privacy unconcerned.”
Pearce agreed that many consumers are open to sharing certain information for purposes including accessibility and financial benefits. Broadly though, she views people as being in one of two camps.
“There are those who are super protective over their personal data and don’t like to hand it over at all, and those who are willing to share without too much concern for what it is being used for,” she explained.
These attitudes do correspond with the generational divide, but Pearce added that this relationship is becoming “less clear cut.”
Meeting Consumer Privacy Needs
Clearly, in the modern era, businesses have a lot of responsibility to avoid falling foul of the myriad of data privacy laws in place. Yet, the experts that Infosecurity spoke to emphasized that organizations’ privacy practices must go beyond mere compliance to meet consumer expectations in this area.
“Most consumers see laws as the primary motivator for companies’ work to protect their privacy,” noted Fazlioglu.
As a result, Lyons believes that many organizations “need to start thinking differently about privacy,” and view it as part of Corporate Social Responsibility (CSR). This will mean seeing it in a more positive light, paving the way for improvements to be made.
“When we see privacy as a CSR we increase funding for it and see it as a business enabler rather than a disabler,” she explained.
Lyons added that this approach will lead to a more prominent role for privacy professionals, as they will “get to communicate what they’re doing to the board and other business stakeholders, because they’re the people reading the CSR reports.”
This strategy will inevitably involve a far greater understanding of an organization’s customers, and fitting policies around the different perspectives.
“We need to understand our consumers when we’re designing products and understand are our consumers going to be demonstrating the fundamentalist experience, the pragmatist experience or the privacy unconcerned experience,” outlined Lyons.
One area in which organizations can improve their approach to privacy relates to cookie usage and implementation of cookie banners, according to Pearce. She said that while consumers are generally becoming more accepting of additional cookie acceptance/rejection that references a privacy notice, people get put off by incorrectly implemented cookie banners.
Pearce warned: “Get it wrong and you risk losing customer engagement as many tend to just not visit a certain website.”
With high-profile data breaches regularly littering the news cycle, cybersecurity is a huge aspect of this issue. Surging attacks mean organizations must have mechanisms in place to mitigate the risk to sensitive customer data when their systems are penetrated. “Businesses need to monitor closely and ensure they are prepared for the inevitable – it’s not if but when a cyber-attack will occur,” said Pearce.
Fazlioglu also emphasized that organizations’ handling of data breaches is a critical component of meeting consumer expectations around their personal information. She acknowledged that no business is immune to an attack, and a company’s response will determine the extent of the damage to reputation in the eyes of consumers.
It is highly advisable to be upfront and transparent in these situations, offering as much support and advice as possible to those affected.
“It’s not necessarily the breach of data that causes consumers to lose all their trust in a company, but, rather, it’s in how well they handle it (or not). Indeed, being unprepared for, or reactive rather than proactive, when a data breach does occur, will come with the additional loss of consumer loyalty,” stated Fazlioglu.
Managing Privacy in the Future
Businesses need to look beyond legislation when it comes to designing their privacy strategies. Consumers are increasingly aware of data privacy and security, and this issue has become an important factor in purchasing decisions.
Organizations must also be conscious that consumer attitudes and expectations will continue to evolve in this area, especially as new generations of digital natives emerge.
“We need to get new insights in as those new generations come through, particularly into the workforce,” noted Lyons.
This requires an agile mindset and continuous updating of privacy strategies based on a changing privacy landscape, fed by evolving regulations and consumer demands.