Developing brand trust in a data breach world


Who have you shared your personal information with today?

As the Information Age forges on, it’s become increasingly common for businesses and organizations to collect consumer information, whether it’s done through questionnaires, or applications that track spending and online activity. Consumers are increasingly willing to give that information away, even as stories about high-profile data breaches dominate the headlines.

That doesn’t mean those headlines aren’t having an impact, however. As customers become more digitally savvy, they carry a heightened expectation that their trust won’t be betrayed — that their personal information will be secure and used responsibly by those with whom they share it. Many companies learn the hard way that bad media coverage and regulatory actions are the least of their worries following a significant data breach. It’s the loss of their customers’ trust that hits the hardest.

But it doesn’t have to be that way.

The value of trust

It can’t be overstated how big a role brand-trust plays in the relationship between business and consumer. In its latest Annual Privacy Index, Deloitte found that 69 percent of respondents believe trust in a brand is the most important factor when making a decision about whether or not to share their personal information. This trust is beating out benefits like the promise of discounts or membership rewards. While most may not be aware of how businesses are supposed to handle information under their own government’s privacy laws, they fully expect to be notified if their data might have been compromised in a breach.

The good news is that despite their expectations of security, consumers are also willing to forgive lapses — if they’re handled the right way. According to the same Deloitte release, 76 percent of survey respondents said they would actually be more likely to trust a brand after a breach, assuming there was a timely and detailed explanation of the attack, remediation plans and ongoing notifications.

The lesson here is that when it comes to data security, planning and communication are just as important as prevention. In fact, with nearly half of surveyed companies reporting an attempted data breach in 2017, the first two points may be even more crucial than the last. That’s not to say you shouldn’t be doing everything you can to beef up your defenses — but when it comes to responding to data breaches, you might be better off thinking in terms of when, not if.

Communication, communication, communication

It’s worth repeating: Communication is key. If you think your privacy policy or terms and conditions are enough to cover you, consider this: When was the last time you fully read an online privacy policy?

In 2012, the Internet Society reported that only 16 percent of internet users they surveyed would fully read privacy policies before agreeing to their terms. Out of that small group, only 20 percent said they actually understood what they were reading.

Obviously, you can’t force your customers to read the fine print. What you can do, though, is take steps to ensure those who do read can actually understand what they’re agreeing to. In crafting your privacy policy, focus on being concise, clear and direct. Tell readers exactly why you need their data and what you plan to do with it. And if you want to keep their trust, don’t deviate from that policy.

Using data responsibly

Are you a social media superstar, or do you count yourself among the thousands who #DeletedFacebook in the wake of the Cambridge Analytica scandal?

Facebook’s woes in early 2018 provide a perfect example of what happens when users lose faith that a company will protect their personal information. What’s important to understand is that that incident was not a “data breach” in the traditional sense. Cambridge Analytica’s collection of user data was actually permitted by Facebook policies at that time, raising the question among consumers worldwide of how companies are leveraging the information they’re so eager to collect.

Going back to the Deloitte survey, the company describes the ideal business-customer relationship as a balanced symbiosis — both sides benefit from each other. What we’ve seen too often in recent history is what Deloitte describes as a “parasitic symbiosis,” in which a brand greedily collections personal information at all costs and with no regard to safety or reputation. They may then go on to sell that information or use it for other nefarious purposes.

If you want to avoid the type of scrutiny that comes with that kind of breach of trust — including congressional testimony and a merciless crowd of angry users — you’ll learn from Facebook’s mistakes.

The bottom line is that the best time to review your data collection policies and build user trust is yesterday; the next best time is today.

According to Experian, nearly one-third of organizations the company talked to have no plan in place to resolve global breaches. If you count yourself among that crowd, would you be comfortable with your customers knowing that? And how do you think that would affect their trust?

Share This
Get new blog posts sent right to your inbox!