Consumers are so concerned about data privacy that, according to the 2017 Consumer Sentinel Network Data Book, data privacy almost beat debt collection in terms of the volume of complaints. This is not surprising since 2017 was a record-high year for cybercriminal activity.
According to a 2017 report from Norton, cybercriminals stole an estimated $1.4 trillion from consumers. It doesn’t figure to get any better in 2018. A study commissioned by Bromium estimated customer losses from a data breach will hit $1.5 trillion in 2018.
The growing concern about cybercrime, particularly identity theft, is understandable. The world has become dependent on the Internet for its needs.
E-commerce has made it easier for consumers to purchase products and acquire services. The Internet has given businesses a cost-efficient conduit to promote their products and services as well as open additional sources of revenue.
However, the transmission of personal data is required in order to process the transaction. Credit card numbers, bank account numbers, and personal identification are some of the data entry fields that need to be filled out.
Data can be intercepted once it is transmitted from browser to server. Even with high-level encryption programs such as SSL or Secure Sockets Layer certificates, data protection cannot be guaranteed.
Passwords are not enough. Your email can be an entry point for cybercriminals who are experts in phishing expeditions.
The reality is that hundreds of thousands of websites are hacked every day. For every second that passes, another website becomes a new victim of a hacker. Cybercriminals are staying ahead of the fight to protect customer data.
Thus, data privacy laws are needed to ensure the protection and integrity of all information provided by customers to businesses.
The question is: How will these data privacy laws affect the data that businesses can collect from customers?
Data Protection Is A Global Concern
Last May 25, the European Union (EU) introduced the General Data Protection Regulation (GDPR). It was intended to institute sweeping changes on how data would be collected by businesses from consumers. The provisions of the GDPR strongly emphasized the following conditions in data collection:
- Consent from the customer on data to be collected.
- Control by the customer on the types of data to be shared.
- Clear explanation of the reasons for the procurement of customer data.
Why is the GDPR so important? For the simple reason that Europe is one of the biggest markets in the world; in a global economy, Europe provides a rich source of consumers. Businesses around the world want to do business in Europe.
The GDPR’s provisions are sweeping. The policy does not consider the size or type of business. If your business involves the procurement of customer data, you are subject to the provisions of the GDPR.
Countries all over the world will have to develop their own data protection policies and will have to make sure they conform to the GDPR.
Australia is another example of a continent that has taken the lead in the battle to protect customer data. On 13 February 2017, the Australian government passed the Notifiable Data Breach (NDB) scheme, and it officially took effect on 22 February.
Similar to the GDPR, the NDB defined personal data as any type of information about a person that can be linked to another person. The NDB has gone to great lengths to introduce a broad definition of a breach. It covers incidents such as the unauthorized disclosure of or access to personal information.
This means online activities that lead to the unauthorized disclosure of personal data like phone numbers, bank account numbers, credit card numbers, residential/business addresses, and email addresses will be considered as incidents of a data breach.
What was the impact of the NDB?
During the first six weeks of the NDB’s implementation, the Office of the Australian Information Commissioner (OAIC) reported a total of 63 incidents of data breach.
Australia is a nation of 24 million people. In contrast, the EU has a population of 511 million people. One can only imagine the number of data breaches that have occurred since the implementation of the GDPR.
The point of the discussion is that the GDPR’s provisions are far more sweeping than those of the NDB. As previously mentioned, the GDPR does not make a distinction on which entity is subject to its provisions.
With the NDB, only businesses that generate an annual income of $3 million are required to report breaches. Thus, it is possible there have been incidents of unreported breaches, notably from smaller businesses. Clearly, Australia has to do more to fortify its stand against data theft.
If data privacy laws tighten up, these new regulations, while beneficial to customers, may present challenges to businesses that need to collect personal information.
Data Privacy Laws: Will They Open The Doors To More Personalized Marketing Strategies?
Forward-thinking brands will not view tighter data privacy laws as a hindrance. Instead, they will view them as an opportunity to deliver better quality goods and services to their customers.
Additionally, they will embrace the situation as a way to get closer to their customers by implementing marketing strategies that take a more personalized approach.
Prior to the implementation of the GDPR, many websites used opt-in forms that hardly had any substance. Once a person visited a website, he/she would be greeted by the opt-in form. It was like a key which allowed the person access to the website.
The GDPR and the NDB made the key vanish. Again, the provisions of the GDPR are designed to give the consumer protection in the form of assurances from the business or service provider:
- Consent – Why should the customer provide you with the data? What are the advantages or benefits of furnishing you with personal information? What will the customer get out of it?
- Control – What are the customer’s assurances that the data will be protected? What safeguards are in place to protect customer information? Is there a chain of custody in place?
- Clarity – What will you do with the data? What is the purpose of the data? What will the data be used for? How will the company handle or approach any breach in data?
In view of the GDPR and tightening policies on data protection, companies and marketers will have to adopt more detailed approaches to procuring customer information. They have no choice but to be transparent with consumers.
Likewise, there is no longer such a thing as a free ride. If you want access to customer data, you must give something in return.
Website opt-ins should offer customers high-value products or services in exchange for personal information. Thus, you have websites that offer free e-books, white papers, newsletters, or limited access to special services.
Search engine giant Google has joined the fight against data theft by requiring all websites, not just those engaged in e-commerce, to secure SSL certificates. Otherwise, your website will be marked “Not Secure” and it will be punished in the search rankings.
The Internet has tilted the balance of power in favour of the consumer by giving everyone easy access to a wide range of information. Businesses can no longer get by with providing substandard products and services.
Heaven help them should they incur the wrath of a customer who posts his/her bad experience with a company on social media.
Even with the growing threat of cybercrime, once again the Internet has been able to evolve and turn a bad situation into a positive development for customers.
With the increasing urgency of implementing airtight data protection laws, customers should expect a better experience and deeply personalized approaches from businesses that need their information.
The end result of having more detailed data would be better quality goods and services.