Skip to main content

Deloitte Cyber reveals best data privacy practices for retailers during the holiday shopping season

NEW YORK, NY, USA, 24 November 2020—During this time of tightening COVID-19 restrictions and more physical restrictions, retailers are more focused than ever on reaching the online customer. However, as societies move to “safer at home” scenarios are they “safer online” as well? As the holiday shopping season ramps up this week, Deloitte is revealing the top data privacy practices retailers need to keep top of mind

The recent Deloitte “2020 Deloitte Holiday Retail Survey: Reimagining Traditions,” while focused on American consumers, is a good indicator of how most global consumers will likely behave this year in light of COVID-19. 64% of survey respondents indicated that their holiday shopping budgets will be spent online during the holidays—a number which will likely only increase in the coming weeks. At the same time, Cyber Monday has also bypassed Black Friday in importance for all generations (59% of respondents plan to shop on Cyber Monday versus 48% on Black Friday). These trends have brought cyber practices to the forefront for many retailers.

Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business. Earlier this year, we saw the rise if phishing campaigns for consumers around the pandemic; cybercriminals will simply adjust their phishing lures now to email themes to current holidays and events,

said Emily Mossburg, Deloitte Global Cyber Leader.

"Striking the right balance between secure transactions, data privacy and positive user experiences is crucial for organizations to confidently expand online services and customer reach."

Customers, vendors and supply chain partners want to know that cybersecurity is a priority for the organizations and institutions to which they entrust their transactions, information, and personal data. Employees want to feel certain that their work-related data is secure, and that the networks they need to do their jobs will function properly.

Organizations should ask themselves what they must do to build and maintain trust.

  •  With more data, more connectivity, more access, do we understand our cyber risk and are we confident our Cyber program will maintain and strengthen trust? Finding and knowing where the most vulnerable areas are within an infrastructure and systems is an important first step in building a top-tier cyber program. Use this knowledge to minimize weaknesses and enable a robust digital environment that is highly reliable, available and secure.
  •  Are we proactively detecting for fraudulent activity and cybercrime? Ensure that financial transactions are secure, and systems operate with integrity. Monitor the dark web to identify organizational exposures and historical, active and planned attacks against your organization. Perform sentiment analysis to improve staff, supplier and customer communications.
  •  Is data collected ethically and protected appropriately? Embed Cyber and data governance into systems that enhance safety measures in the physical space. Educate personnel involved in data collection about their new responsibilities as data collectors and stewards of security and privacy.

Just before the holiday season began, the European data protection rules changed with immediate impact on current data sharing practices. Since the Court of Justice of the European Union (CJEU) made their judgement in the Schrems II case there is work to be done for organizations that share/transfer personal data from/to the USA and EU countries. International operating retailers that transfer data will have to make sure the contractual agreements on data sharing match the increased strictness of the European court and subsequent guidance from the European Data Protection Board.

Even with the promise of Coronavirus vaccines on the way, retailers should not rest easy in preparation for next year’s holiday retail season as online marketers targeting consumers will have to start thinking of new ways to target, engage and redirect customers to their platforms. To make the Internet safer, the use of third-party cookies will no longer be possible by 2022. This means a major shift in digital marketing practices, in favor of privacy protection of consumers.

These decisions reinforce the importance of data protection to global commerce and the critical role that privacy professionals play in implementing protections in line with foreign legal requirements.

Organizations that created new workforce strategies and customer service approaches under the pandemic pressure of 2020 will need to determine if they warrant longer term adoption and transform the ad hoc procedures into best practices for the future. From a Cyber lens, digital trust is a critical facet of society’s ability to thrive in the next normal.

Retailers are trying to get closer to their customers by using new technologies like augmented and virtual reality and this should come with a focus on consumer trust,

 said Annika Sponselee, Deloitte Global Data and Privacy Leader.

"Retailers should provide straightforward language in their privacy communications explaining how they are protecting it and why data from consumers is being used."