Take Data Privacy and Transparency From Buzzwords to Action

Companies have a responsibility to be clear and upfront about what they do with customer data. Here are three key steps.

Kathlyn Card Beckles, Chief Legal Officer and Corporate Secretary, Verisk

January 19, 2023

5 Min Read
Data Privacy Concept - Hit Target.
Illia Uriadnikov via Alamy Stock

In the information age, it has become more common for businesses to collect, analyze and, sometimes, share customer datato fuel actionable insights and drive business growth. Meanwhile, informed and cautious customers now demand transparency on where their information goes and exactly how it’s used. In a recent Cisco survey, consumers said data transparency was the top thing organizations can do to build trust regarding the use of personal data.

This concern for transparency has reached the desks of government officials across the country. While there currently is no federal data privacy framework, five states have comprehensive data privacy legislation -- similar to the European Union’s GDPR -- while more states are introducing bills to give consumers more control over how businesses collect and profit from their personal data.

As states pass regulations to better ensure data security and privacy, businesses everywhere are being challenged to take their strategies to the next level. It’s never been more critical for corporations to embrace transparency and go beyond buzzwords to tackle the issue with meaningful action. Businesses can do this in three ways:

1. Create a strategy that builds trust through transparency and empowerment

Trust in tech companies has declined over the last decade. In the US alone, consumer trust in all businesses dropped by five percent from 2021 to 2022, according to the Edelman Trust Barometer. One of the core ways to help break the distrust cycle is by providing clear, consistent information. But data privacy policies today often lack clarity.

Too many businesses rely on nebulous, jargon-filled policies that don’t actually answer any questions and leave customers confused about how their data will be used. Businesses should regularly update a thorough and transparent privacy policy with standard procedures. They should also consistently inform customers of how, why and when their data is collected, shared, sold or stored.

The vast majority of consumers (90% according to one survey) are actually willing to share their data when presented with the right value exchange, and more than half trust companies that limit the amount of personal information they request. Businesses should clearly articulate the consumer benefit of sharing their data and only collect necessary information. But they must go beyond that as well. They should allow consumers to opt out of having their data stored or sold to third parties. When consumers are empowered in the process and made fully aware of what companies can and can’t do with their personal data, it benefits both sides and builds trust.

2. Create a multi-layered approach to security to account for today’s risks

Data breaches are becoming more common and costly, making security a priority investment for any business today. Data loss and leakage represent the top cloud security concern for firms. Even 71% of consumers worry about their personal information being exposed in a data breach, according to the Edelman survey.

Businesses can enhance their data security in multiple ways, such as by implementing encryption, having routine data backups, adopting multi-factor authentication tools, and undergoing SOC compliance audits and penetration tests. It’s also critical to establish secure privileged account access, ensuring that people as necessary have access to sensitive consumer data.

While some of these tactics may seem common, only 38% of organizations use multi-factor authentication for privileged accounts and, according to a 2020 article, one-third of data breaches involved privileged accounts being compromised. Implementing the aforementioned security practices and notifying customers about them is another way to promote transparency and build trust.

3. Educate and enforce data privacy best practices for end-users

True action on data privacy requires a holistic approach of transparency, security, education, and enablement. Customers of both B2C and B2B companies need to be educated and enabled to practice good data privacy protocols. Companies can promote this by developing a privacy-first user experience for their websites and apps.

For example, companies can include automatic timed logouts, strong password requirements, and multi-factor authentication for customer accounts. These features make data security easier for users and show them that the company is cautious with their data.

Businesses can also educate consumers on their personal data rights, whether these are established by the company or government regulations. These may include the right to access their data – for example California, Colorado, Connecticut, Virginia, and Utah all provide consumers a right to access much of their data — the right to delete data, the right to restrict data processing, or the right to object to marketing.

Proactive Strategies Pay Off in Long Term

Consumer data will continue to play an essential role in business operations. But companies must remember that stewarding that data comes with a responsibility to the customer. As data privacy legislation gains momentum, companies that get ahead of the curve with clear privacy policies and risk mitigation strategies will position themselves as forward-thinking leaders while building consumer trust and loyalty.

About the Author(s)

Kathlyn Card Beckles

Chief Legal Officer and Corporate Secretary, Verisk

Kathlyn Card Beckles is Verisk’s chief legal officer and corporate secretary, providing leadership for all legal aspects of the business, as well as leading corporate governance, compliance, and internal audit.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights