Skip to main content

Individualised or intrusive? Using personal data ethically

Deloitte Future of Cyber Survey

How cyber is shaping the future.

People expect personalised, targeted experiences. We want everything from food delivery to travel and healthcare to be frictionless, based on our past interactions. What we don’t want is the sense we’re being followed everywhere by marketers feeding us an endless diet of coupons for things we’re not interested in.

How companies manage customer data, connect online and in-person experiences while protecting privacy can be the difference between profit or loss and even long-term survival.

Privacy by design

For every customer-facing project, it’s important to take privacy and security into account at the beginning. Ask yourself, how important for our business model is having this degree of intimacy with our customers? Carefully think through the type of information you need to provide the right level of service. Then understand who needs to access it and how it will be stored and protected. When we asked Chief Marketing Officers if they were able to measure and demonstrate compliance with global data privacy regulations, the majority (85%) responded that they could.

Avoid data bloat

Simply harvesting reams of data in the hope that it’s useful in the future is a drag on resources and likely a recipe for failure. Customers resent giving up personal information when they don’t clearly see a benefit. Collecting and effectively using data to create authentic, personalised and human experiences is a catalyst for growth. The flip side is the more data you have, the more risk you encounter. It’s all about balance. When asked, the CMOs we polled were evenly split between answering it was more important to collect data to personalise customer experience versus more important not to collect personal data in order to protect against a breach.

Customers don’t think about their data like businesses in terms of privacy, security, and identity. They think, ’Does the company have my best interests in mind? Are they using my data in a way that benefits me or them? Are they doing everything they can to keep my personal information tight?

Annika Sponselee, Global Data & Privacy Leader, Deloitte Cyber

Value and trust

Today, people realise their personal data has intrinsic value. They see handing it over as an investment and want to know what is the return: providing personal information should make life easier. Like anything of worth, it must also be safe and secure. Also, people are demanding agency, seeking to choose how and when then their data is used. When companies reliably deliver on their promises, customer relationships deepen. The extent customers trust your company is reflected in their behaviour. High trust scores correlate closely with repeat business—their chance of buying again rises 540% when they believe companies are reliable. Perhaps just as significantly, they will support you strongly on social media. As a result, trusted businesses greatly outperform the rest—for example, trusted companies were 2x* more resilient during the past year. According to our survey, 91% of CMOs stated they feel their organisations balance data collection with engendering trust either “very well” or “somewhat well”. Such a high confidence level begs the question, is this view shared by other C-suite members? It certainly points to the need for a collaborative approach to ensure blind spots aren’t overlooked.

* Deloitte HX TrustID research October 2020 – June 2021

Are you able to measure and demonstrate compliance with global data privacy regulations?

Ethics over regulation

Increasingly, consumers are deploying their purchasing power to support companies with sustainable environmental policies and are proactive on social issues. Their concern also applies to how companies use personal data.

Traditionally, companies have sought guidance from regulators about what they should and shouldn’t do. While compliance with the various laws around the globe is vital, it’s no longer sufficient to just assume people are willing to share personal data at all if you cannot explain the purpose. Plus, the explanation needs to be in plain language and easily understood.

Regardless of location, companies who bring trust into their DNA and clearly communicate their willingness to adhere to the privacy rights of customers are benefitting from greater faithfulness. Making it easy for customers to access, delete or move their data should be part of your simple and straightforward user agreement. When customers see that a company thinks through its data policies and can chart its own course, they are more willing to put their data onboard.

Make trust your guiding light

Outline the experience you’re trying to create and understand the data that you need (and don’t need) to do it. Hold everyone in the organisation accountable for building trust.

1. Begin with privacy by design.

2. Use the data that you collect. Don’t collect data you don’t need.

3. Dissolve silos so information is accessible and flows freely throughout your organisation.

4. Create seamless experiences that engender trust.

5. If/when there is a breach, use the moment to learn and build more trust from your mistakes.

6. Make your communication department integral to everything you do.

In your opinion, how well do you feel your marketing organization balances data collection with engendering consumer trust?

Dissolve the silos

CMOs and experience officers tend to make decisions based on brand and marketing requirements and only at the very end check with the CISO if data has been gathered correctly (and usually, the answer is, “No!”). Everyone is on a different team. One team sees their job as gathering as much data as they can, the other wants to only gather what’s necessary and protect it. A better approach is to examine together what is the right balance between capturing the information required to deliver a seamless experience and the need to mitigate risk for both the company and its customers. Before using data to connect the dots of customer experience, organisations need people who can make connections outside of their silos. It’s a two-way street. When designing privacy policies and communications, bring in marketing. This is increasingly central to brand intentions and messaging, so they can help.

Into the breach

Despite taking the greatest precautions, data breaches happen. It’s wise to consider them an eventuality and be prepared. Getting caught flatfooted will make a bad situation worse. How you respond sends clear signals about your brand. Not only should you rehearse an incident response plan alongside your cyber team testing scenarios around a data breach but also collaborate on the recovery plan and related communications strategy. According to our survey, CMOs indicated that work is being done to fully align with the cyber organisation with 46% saying they participate in such planning and testing once a quarter. Global responses vary with CMOs in Argentina, Germany and Australia revealing a higher level of integration with cyber teams over other countries. When a breach does occur, regard it as your obligation to fully inform customers about what has occurred. Clearly outline the services you are providing in response and think about which channels of communication best convey your message: Does it warrant a personal letter from the CEO? A gift? Or other compensation? Despite the gravity of the circumstances, deftly communicating with your customers can also be an opportunity to deepen your relationship with them. Handling a difficult situation well by putting the interests of your customers first can help your reputation to quickly rebound and inspire even greater trust.

How often do you participate in your organization's Cyber Incident Response planning and testing?

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey