Andy Teichholz, global industry strategist, compliance and legal at OpenText reveals what people really think about data privacy and what steps organisations should take to protect personal data.
The pandemic and related lockdowns forever changed the way we live, work, and interact with each other. This change is being reflected in adapted behaviours across all areas of our lives, in everything from the shift to online shopping to the prevalence of remote work. To help facilitate this change, more than three-quarters of employers now offer hybrid work arrangements, allowing their staff to work both remotely and from company offices.
As an employee, hybrid working offers a new level of flexibility that allows work to fit around one’s own schedule and lifestyle. However, it also means work files and business data – which often includes personal and sensitive information – are today being accessed and shared across literally thousands of work locations. In parallel, with so much of our lives becoming increasingly digitised – and by necessity requiring us to share more and more of our personal data with those organisations with whom we interact, consumers are understandably becoming increasingly concerned with the privacy and protection of this information.
To fully understand consumer attitudes towards data privacy, we commissioned a global survey and discovered that almost three quarters (72%) of consumers say they have had new concerns about how organisations are using their data since the start of the pandemic. Such is the strength of these concerns that almost half (46%) say they would no longer use or buy from a company they were previously loyal to if it failed to protect or leaked their personal data. In addition, three in five (60%) would be willing to pay more to use or buy from an organisation that was expressly committed to protecting their personal data.
In addition to this, the rise in remote and hybrid working has caused distress, with four out of five consumers (82%) more anxious about their personal data being stolen because organisations now operate in distributed work models. Half (49%) now say their worries stem from not understanding how businesses commit to protecting the data collected.
Education is essential
It is no surprise that consumer concerns around data privacy point to a lack of knowledge and awareness on the subject. After all, there is very little real opportunity for the public to get educated on the complex ins and outs of how their data is handled. However, in stark contrast to this, the mainstream media is constantly publishing news around the ongoing stream of data breaches that UK and global businesses are experiencing. Therefore, it is understandable that consumers may be (somewhat) misinformed and overly fearful.
Unfortunately, the pandemic has played a role in exacerbating consumer concerns around data privacy. For example, now that the use of NHS Track and Trace is no longer mandatory, our research found that three in ten (29%) UK workers are concerned their data will not be deleted even when it is no longer needed to combat Covid-19. Even though the NHS and other healthcare organisations have been storing our data for decades, the launch of the NHS Track and Trace app in the early days of the pandemic raised concerns over how and where our data will be used.
In addition to a lack of awareness, these worries can be attributed to the majority of citizens not having previously engaged with sharing information in this way. Though many are taking steps towards digital transformation, organisations have traditionally operated in a largely offline manner. As the world is becoming increasingly digitised, apps will play a growing role in how we interact with countless areas of our lives, across everything from healthcare to banking. However, the anxieties around our personal data will not go away on their own. Therefore, it is up to organisations to ensure they are doing what they can to reassure and educate their customers on the realities of their data handling and management practices.
While consumers are becoming more actively engaged with and aware of their data, it also presents new considerations and challenges for organisations. Our research confirmed that data privacy is becoming an increasing priority for consumers. To help organisations ensure that customer trust and confidence is not lost, I’ve outlined three practical steps they can take moving forward:
Step 1: Improve governance to keep track and manage your data
One of the key issues around personal data is the manner in which it is often spread across a multitude of repositories or controlled by one department or business unit and isolated from the rest of the organisation. This siloed information is not often connected to or integrated with other organisational systems, making it hard to establish an integrated governance strategy. To address concerns around personal data, achieving an integrated view of all this information will be critical. Failure to do so will make it extremely difficult to take appropriate actions since there lacks a unified lens to access, manage, and report on personal data. Information governance solutions can be used to manage the lifecycle of processed personal data. Not only can these solutions help to track where data is stored, but they can further support content classification and apply policy-based retention to comply with data minimisation requirements and disposition activities.
Step 2: Improve your data discovery capabilities
Organisations often do not know what personal data they have as they are often storing years’ worth of data in many unmanaged environments. AI-powered identification and discovery tools can help businesses to scan this data to locate personal data and other privacy indicators. With the use of AI and machine learning, businesses can identify and assess privacy risk, set threat levels, and prioritise activities to strengthen adherence to regulatory requirements and compliance mandates. Once identified, this content can be secured and other remediation activities can be performed expeditiously. Also, tools can be leveraged to support policy-based actions especially once repeatable patterns are identified allowing automation to replace manual effort.
Step 3: Prioritise cyber resilience
Cybercrime now represents a significant day-to-day threat for businesses. As such, the best defence against cyber threats is to firmly entrench cyber resilience into the very fibre of an organisation’s culture. This can be achieved through the implementation of a cyber resilience framework which includes robust, multi-layered security and data protection.
The ECB defines cyber resilience as the capability ‘to protect electronic data and systems from cyberattacks’ and as the ability ‘to resume business operations quickly in case of a successful attack’. In essence, cyber resilience, in contrast to cybersecurity, goes beyond establishing methods and activities to protect systems and data from threats. Cyber resilience strategies focus on efforts to mitigate the actual damage and ensure that crucial company operations can continue as smoothly as possible both during and in the aftermath of a cyberattack.
Security systems will not always be able to thwart and combat threats before the damage is done so companies should create contingency plans and recovery strategies to limit negative consequences of security breaches. An organisation can respond and recover from a security breach more rapidly by implementing activities and plans that enable operations to continue and serve customers throughout the disaster, resume a ‘business as usual’ position quicker and use learnings from the attack to improve overall processes and operations.
Ultimately, with only half (52%) of British consumers reporting that they have a vague idea about data privacy laws, it is undeniable that concerns will only worsen as the use of personal data will increasingly play a pertinent role in everyday life. With a third of consumers (33%) indicating they would no longer use or buy from a brand they were previously loyal to if it failed to protect and leaked their personal data, it has never been more important for organisations to protect customer data. To do so, businesses must look to foster an integrated, data-centric approach underpinned by information governance and cyber resiliency to not only retain customer trust and loyalty but to remain competitive before it is too late.
This article and more can be found in PCR’s March 2023 issue: