Privacy remains a topical issue, especially in the world as we know it now.
Companies around the world are modifying their policies to meet both new regulations and new attitudes towards privacy. This is now the choice to rise above what is required from a legal perspective and give customers the assurance that their data is well secured.
Companies have access to an unprecedented volume of data. In fact, our digital universe reached 44 zettabytes of data by 2020.i With advanced technologies at their disposal, captured data can then be leveraged to increase revenue and growth. Understandably, data is now an extremely precious commodity.
In our increasingly digitalised world, data privacy has never been more important. Concerningly, the Privacy Act 1988 and Australian Privacy Policies (APP) are lacking when it comes to protecting personal data.ii Critics of Australia’s existing legislative framework believe that the principles of the European Union’s General Data Protection Regulations (GDPR) are more appropriate for our digital climate, with some hailing it a ‘gold standard’ for its commitment to upholding rights to personal information.
The differences between the frameworks of GDPR and its Australian equivalent are particularly pronounced when it comes to the definitions of consent.iii Unlike the APPs, the GDPR has a more concrete definition of consent and requires it to be expressly given.iv The GDPR also empowers customers with the following rightsv:
- The right to erasure ("the right to be forgotten")
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision-making or profiling
Whether or not Australian’s privacy laws evolve to address these issues, companies should feel encouraged to proactively adopt the tenets of the GDPR. The reasons behind this are twofold; they are in a better position to protect themselves from cybercrime, and they are demonstrating customer centricity in doing so.
Evidence continues to support the that companies acting with integrity when dealing with customer data enjoy benefits. Notably, Cisco found that 97% of companies observed benefits like a competitive advantage or investor appeal from investing in privacy.vi What’s more, for each dollar spent on privacy, the average company receives $2.70 in return.
Contemporary literature also continues to illustrate that differentiation can be achieved based on privacy policies.vii This was demonstrated by Apple, who positioned themselves as a leader of digital security for its strong encryption developments as part of IOS 8.viii Likewise, TomTom has been hailed first-class when it comes to protecting customer data, with the company moving towards Federated Machine Learning as opposed to centralised data collection.ix
But despite being point of differentiation for some, customers are increasingly expecting companies to take their data privacy seriously. Research from PWC revealed the following:
- 92% of consumers say companies must be proactive about data protectionx
- 88% of consumers say the extent of their willingness to share personal information is based on how much they trust a companyxi
This last point is very important. In essence, if companies want to continue reaping the rewards that comes with customer data, establishing trust is vital. Another study supports this notion, with it being concluded companies can access data with greater ease if they are more transparent with customers beforehand.xii
It goes without saying that to remain competitive in our digitalised world, customer data is key. But now more than ever, companies should do their due diligence and not just ensure they are compliant with existing laws to avoid regulatory risk but seek ways to further enhance their policies. Responding in a proactive manner is an act of leadership that can translate to a more favourable reputation.
Attitudes regarding data privacy are evolving and trust is declining; customers increasingly expect companies to commit to improving their standards. And this is how it should be.
Privacy should go beyond compliance – it’s a human right. When we take this perspective, companies have a legal and ethical obligation to safeguard their customers’ privacy.
i https://www.weforum.org/agenda/2019/04/how-much-data-is-generated-each-day-cf4bddf29f/
ii https://www.zdnet.com/article/oaic-wants-stronger-enforcement-powers-in-australias-revamped-privacy-act/
iii https://www.oaic.gov.au/privacy/guidance-and-advice/australian-entities-and-the-eu-general-data-protection-regulation/
iv https://www.termsfeed.com/blog/gdpr-vs-australian-privacy-principles/
v https://www.csoonline.com/article/3110467/cybercrime-damages-expected-to-cost-the-world-6-trillion-by-2021.html
vi https://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-series-2019-cps.pdf
vii https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/privacy-as-a-differentiator-going-beyond-regulations
viii https://www.wired.com/story/smartphone-encryption-apps/
ix https://download.tomtom.com/open/banners/Whitepaper-Beyond-Privacy-Regulations.pdf
x https://www.pwc.com/us/en/services/consulting/library/consumer-intelligence-series/cybersecurity-protect-me.html
xi Same as above
xii https://hbr.org/2015/05/customer-data-designing-for-transparency-and-trust