[BreachExchange] Earning Customers' Trust in Our Day of Data Breaches

Inga Goddijn inga at riskbasedsecurity.com
Mon Oct 16 20:41:24 EDT 2017


https://www.business.com/articles/earning-customer-trust-data-breaches/

Data collection is a topic that's getting more attention than ever before.
In the wake of recent breaches, consumers are wondering if they can trust
businesses to protect their information from malicious hackers. You need to
reassure them that you can.

Do you know what Arby's, Verifone, Saks Fifth Avenue, Chipotle, Gmail,
Brooks Brothers, DocuSign, Kmart, the University of Oklahoma, Washington
State University, Blue Cross Blue Shield, Verizon, Equifax, Deloitte, Sonic
and Whole Foods Market all have in common? They are among the thousands of
companies that have experienced data breaches this year alone.

The Equifax hack was one of the largest, and certainly received more
publicity than most, but it wasn't an isolated event. Businesses that
promise to protect consumer data are being targeted and ferociously hacked
with an intensity that has never been seen before.

Just weeks ago, Yahoo announced that it now has reason to believe all 3
billion of its user accounts were affected by a 2013 hack. As Phil Dzikiy
of Security Baron explains, "Yahoo's 2013 breach involved sensitive user
information such as names, telephone numbers, and birthdates, as well as
security questions and answers."

This isn't a new hack, but it does speak to just how serious breaches can
be. Often, one breach has a domino effect and exposes account information
for customers all across the internet.

Customers know that businesses are collecting their information. While not
always crazy about the idea that companies store personal data points, most
consumers choose to look past it and avoid worrying about what they can't
control. However, as data breaches become more common and more publicized,
the distrust is turning from a simmer to a boil.

Customers are beginning to wonder if they have more to lose than to gain
from doing business with certain companies. Moving forward, businesses like
yours must find ways to overcome these friction points and instill
confidence.

5 ways to establish trust when collecting data

If you're collecting customer data – and every modern company is these days
– then you have to be intentional about establishing trust. It's a
challenge for sure, but it's not insurmountable. Here are a few specific
ways you can make positive strides in this area.

1. Ask for permission.

You would never walk up to someone in person and take something without
making a clear and transparent request. Why, then, do so many brands skirt
the issue when it comes to gathering data? You not only need to ask for
permission to collect data, you need to make sure the customers actually
know what you're doing.

Many companies will make vague requests, knowing that customers aren't
reading the fine print, but this isn't a way to build trust. Be clear,
precise and transparent. Most customers are willing to trade information
for something of value, but you have to be forthcoming.

2. Be transparent.

The second step is to be transparent with the data you're collecting and
how it's being used. According to one study, 60 percent of online users
want to know the why, what and how of websites personalizing content for
them. Roughly 1 out of 3 customers say they would be less bothered by
sharing their personal information if companies explained their reasoning
for collecting the data.

Dave Jackson, CEO of Clicktools, a company that helps companies with the
collection of customer data, believes this is critically important to any
data collection strategy. "It's not just about what information I'm
holding, it's about how I'm using that information," he explains. "And if
you can show someone that you're using that information for mutual benefit,
that will build trust and benefit both parties."

3. Clearly explain policies.

You need clear policies within your organization regarding how customer
data can be used. Just because you collect it doesn't mean you're free to
use it in any manner you want. Everyone in your company must understand
what's legal and what's not.

Something interesting happens when you develop clear policies within your
company. Suddenly, you don't have to skirt the issue in public. Instead,
you can be more open and honest about what's going on – something that may
give you a competitive advantage in a murky marketplace.

4. Keep data anonymous.

There's too much risk associated with collecting data and keeping
identifiable information. To foster trust with your customers (and reduce
your own risk), make sure you keep data anonymous. Thanks to different
software solutions, this is easier than ever. Algorithms and clustering
models can be used to establish customer segments, which removes bias,
keeps data safe and builds trust.

5. Don't collect data you don't need.

You are responsible for every piece of data your company collects on
customers. Why, then, would you want to collect information you don't
actually need? This increases risk and forces you to safeguard data that's
irrelevant to your end goals.

It's far better to be conservative than greedy when it comes to collecting
customer data. It's also a lot more cost-effective in the long run. Think
about this as you refine your strategy.

An issue you can't neglect

Trust between consumers and brands will always be important, but it's
unfortunately at an all-time low in today's marketplace. With each new
story about a data breach, customers have fewer and fewer reasons to trust
businesses with their information. If you want to keep collecting data
without losing customers, you'll have to find ways to build trust.

As Pat Conroy writes for Deloitte, "Rather than forgo the unequivocal value
of gathering and using personal consumer data to drive targeted digital
marketing, consumer product companies can seize the opportunity to build
brand trust by meeting – and even exceeding – consumer expectations related
to data privacy and security."

Let this article serve as the starting point (not an exclusive manifesto)
in your company's quest for building and maintaining trust with customers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171016/31aaf30f/attachment.html>


More information about the BreachExchange mailing list