Data security and consumer trust go hand-in-hand in our evolving digital world
There’s no doubt that data is a catalyst of growth, forcing companies to increasingly rely on it to drive innovation and enhance consumer appeal. However, companies must focus on leveraging data for growth and ensure the protection and ethical use of consumer information. Establishing a strong foundation of trust with consumers is essential, particularly in light of increasing concerns over data breaches and privacy. As the cornerstone of data’s value, companies must have a strong social contract prioritizing data security to gain consumers’ trust in supplying organizations with their data.
Crisis of Confidence Among Consumers
We have entered an era where consumer confidence is waning. According to a recent Cisco survey, 76% of consumers said they would not buy from an organization they did not trust with their data. This sentiment is echoed by the 81% of respondents from the same survey who agreed that how an organization treats its data indicates how it views and respects its customers. As privacy concerns escalate and data breaches become more prevalent, it is imperative for companies to forge a robust social contract that places the protection of consumer data at the forefront.
The absence of such a social contract can lead to dire consequences, including a significant erosion of consumer trust, which is the cornerstone of any successful business relationship. Moreover, companies are liable to legal and compliance repercussions in the event of data breaches, which can have long-lasting negative impacts on their reputation and financial standing.
Companies must embrace a privacy policy written in plain language. It should be obvious to the reader what data a company collects, uses, shares, and discloses about them. Transparency builds trust with consumers and trust delivers loyalty. The irony being that “loyalty” programs are some of the worst offenders, in terms of, a lack in transparency to their consumers. Practical steps can make a difference without much effort. Privacy policies easily found on website landing pages. Use plain language that is easily accessible and understandable for consumers. By doing so, companies can demonstrate their commitment to data responsibility and build consumer trust, an asset in building deeper brand relationships.
Recent Data Breaches
Businesses today thrive on a global infrastructure through the exchange of data. They collect, store, and share massive amounts of sensitive information like customer emails, addresses, and Social Security numbers, aiming to ensure the best customer service is maintained while also adhering to data protection and privacy laws.
However, the recent cyberattack on Change Healthcare serves as a reminder of the importance of harnessing data responsibly. This breach, poised to become the largest health data compromise in U.S. history, was precipitated by unauthorized network access. The attackers exploited an application used by staff for remote system access, deploying ransomware that ultimately led to credential compromise.
This breach highlights how thin of a line these businesses walk as the attack has impacted 129 million individuals and 67,000 pharmacies globally, including all our military hospitals around the world.
Enhancing Data Security and Consumer Trust
To enhance data security and foster consumer trust, organizations must strike a delicate balance between harnessing data for business growth and upholding ethical standards. Organizations must develop frameworks that not only enable data sharing but also adhere to stringent data protection regulations. The act of sharing data unlocks collaborative growth opportunities with external partners and supply chains, catalyzing economic gains.
To mitigate data-related risks, companies must transition from traditional tools to innovative solutions that meet industry compliance and enhance data accessibility. For instance, strategically leveraging third-party vendors is essential for harnessing cloud-managed data warehouses, applications, and analytical tools, allowing for the responsible extraction of business value from data.
Further, the industry needs to radically shift their thinking in the way they approach the sensitive data problem. Two questions, do I have high risk data like social security numbers? More importantly, how many people in your company should see that data in clear text?
The first question is a security question. The second question is a data consumption one. If the answers to the questions are “yes” and “very few” then why protect data at every request by the 99.9% of users? Invert the security model and the natural security state for this type of data is protected. Using tokenization techniques obfuscates the value for a reader but maintains 100% of the data utility for analytics. By implementing this model, only .1% of the requests require transformation to clear text. It markedly improves security posture, widens access to high value customer data, and accelerates it to the teams thirsty to innovate.
Harnessing Data Responsibly
Organizations must judiciously select solutions that not only comply with legal standards but also safeguard sensitive data types such as Personal Identifiable Information (PII), Protected Health Information (PHI), Payment Card Industry (PCI), and Intellectual Property (IP). Tokenization is a recommended approach by the regulatory bodies because it is an effective, principled approach that in the case of PCI renders systems out of scope for audit.
Zero trust principles applied to applications, users, and servers is a growing trend in security because when executed well it is particularly effective for cloud environments. Microsoft summarized the three principles of Zero-Trust as Assume Breach, Verify Explicitly, and Use Least-Privilege Access. By implementing tokenization, organizations are applying Zero-Trust directly to data. Minimizing risk throughout the data’s lifecycle from collection to its final application. This proactive approach to data security is essential.
In 2023 the security industry was $185 billion and grew 14% year-over-year yet data compromises are up 78%. It maybe is stating the obvious, but those numbers don’t add up for consumer privacy. Accenture estimates that by 2030 businesses will unlock $3.6T in data value. The value of data for businesses cannot be overstated. By investing in data security, embracing transparency, and adopting a Zero Trust approach, companies can protect sensitive data and maintain the loyalty of their customers.
As we look to the future, the responsibility lies with businesses to continually adapt and innovate in their data management practices, safeguarding the privacy and integrity of consumer data in our evolving digital world.
About the Author
Alasdair Anderson is the Vice President for Europe, the Middle East & Africa at Protegrity. Prior to joining Protegrity in 2020 Alasdair worked in Financial Services industry for over 20 years as a technology executive. Alasdair was an EVP at Nordea Bank in Copenhagen where he led the Data Technology division. Alasdair moved to Copenhagen after nearly a decade as a Director with HSBC in the Investment Banking technology area. Prior to HSBC, Alasdair worked in multiple data management roles for JP Morgan, BNP Paribas, RBS, Man Investments and other Financial Services companies.
Alasdair speaks frequently throughout Europe on the topics of Cyber Security, AI, Data & Analytics and Innovation. In 2017 Alasdair was appointed a Global Scot by the First Minister of Scotland for recognition of his effort to further Scottish Global Trade. A native of Glasgow, Scotland, Alasdair now resides in Amsterdam, The Netherlands. Alasdair can be reached online at [email protected] and at our company website https://www.protegrity.com/.
Source: www.cyberdefensemagazine.com