Is Your Customer’s Personal Data an Asset or a Liability?
This month the House and Senate drove two more nails into the coffin containing what remains of personal data protection for citizens of the United States. Senate Joint Resolution 34 struck down rules stipulating an Internet Service Provider (ISP) must obtain opt-in permission to use and sell consumer’s private data including browsing history, health, and financial information. Swift approval at the White House is assumed, and ISPs will soon be free to do anything they want with the information describing their customers’ lives online, without their permission or knowledge.
Those for this change argue online businesses like Google and Facebook are already free to collect, analyze, and sell our information. Critics point out the qualitative difference between a consumer’s ability to use different websites and change their ISP.
Meanwhile, the inexorable march towards May of 2018 continues, when the European Union’s General Data Protection Regulations (GDPR) go into effect. In recent months, Digital Clarity Group has shared the meaning and impact of GDPR with dozens of Fortune 500 brands who will be subject to these rules. Few had taken any meaningful steps toward compliance. Among CMOs, who often control much of the organization’s customer data, awareness remains low. Surprisingly, this general lack of understanding and action towards compliance exists whether the company is based in the US or the EU.
Contrasting viewpoints on personal data
The stark contrast between the EU and the US philosophy on privacy portends more complexity for organizations with global reach than ever before. Such entities will be forced to either adopt EU regulations as a universal approach or treat customer information at the core of their data management practices differently depending on geographical location of the consumer. Unlike previous EU regulations which only asked for surface-level notifications and threatened namby-pamby fines, the GDPR has teeth, and the changes required for compliance reach deep into the technology stack as well as business rules and processes. Failure to comply could result in extinction-level fines or worse.
Interestingly, the complexity of fluctuating and varied regulatory environments on personal data is not the only trend forcing organizations to take data protection more seriously. On the cybersecurity side of the discussion, the potential costs of improper data handling are high and growing. A recent IBM-sponsored study1 shows the average cost of a single breach across the 383 companies who participated was $4 million, up 29% since 2013. Another separate consumer study2 showed that among 2000 participants, 87% were unlikely to do business with a company who had a breach involving credit card data.
Ironically, most of the marketers I’ve spoken to lately share a similar sentiment about the explosive growth of customer data: “I’m drowning in raw information but short on actionable insight.”
Beyond all the legal wrangling I think there’s an even more important question about how organizations treat customers in the 21st century. Most executives, marketers, and customer experience professionals, if asked, would say they want their customers to love the brands they represent. Many of those same brands, when dealing with their customers’ deepest secrets, are willing to handle them without appropriate security or sell them to the highest bidder. This apathy is not how you treat someone you like, let alone love.
All of this leads me to wonder, is all of this data truly an asset? And if it is, how long will it be before it’s value is so severely depreciated that it is considered a liability?
I will be speaking about data protection and privacy at the MarTech Conference in San Francisco on May 10th, 2017. However, if you can’t wait that long or you’d like a conversation tailored to your organization’s unique scenario, please contact us to schedule a workshop where we will take a deep dive on emerging regulations and begin to unpack your particular exposure.
1. IBM Sponsored Study: 2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute
2. National Cybersecurity Institute: How does a data breach affect your business’ reputation?