Prioritise privacy to build trust and elevate customer experience This blog post was authored by Kim Bozzella - Managing Director, Global Lead - Technology Consulting on Protiviti's technology insights blog.This blog was originally posted on Forbes.com. Kim Bozzella is a member of the Forbes Technology Council.Here’s a problem I often see: Most businesses recognise the significance of data privacy and identity management in safeguarding information, yet many overlook the relationship between privacy, identity management and customer experience. This connection is becoming increasingly important as establishing and nurturing customer trust is essential for fostering repeat business, competitiveness and growth.Ultimately, brand and company loyalty are crucial, and often, they begin with trust in the organisation’s ability to protect a customer’s personal and confidential information. What’s more, regarding the value of building customer trust, it’s been well-documented that retaining existing customers is far more cost-effective than acquiring new ones.Customers are increasingly aware of the risks associated with online transactions and the potential threats to their privacy. These concerns have been validated by frequent breaches, data theft, ransomware attacks and cyberattacks in the news. In fact, a 2023 study by PCH Insights reveals that 86% of Americans are more concerned about their data security and privacy than they are about the state of the economy.Businesses need to understand the symbiotic relationship between (1) identity protection and data privacy and (2) customer experience. Topics Cybersecurity and Privacy Risk Management and Regulatory Compliance Why trust mattersBusinesses understand that customer data is vital for creating personalised experiences. However, gathering and utilising any amount of customer data can raise privacy concerns. Customers are aware of the significant threats to their data and privacy, making it crucial for businesses to establish trust through transparent and secure data practices. Losing trust means losing business.A study from Ping Identity reveals that 81% of consumers say that ease of use is important when interacting with brands regarding their overall digital experience, and 61% report that having privacy laws enacted to protect consumer data and knowing that the website vendor is complying with those regulations make them feel more secure when sharing their personal information online.While customers have come to appreciate heightened protections to shield their data, it is equally important to prioritise a seamless and personalised experience that maintains trust and ensures a clear understanding of the protective measures. Complex customer access procedures—e.g., cumbersome multifactor authentication or difficult-to-decipher CAPTCHA tools—often result in frustration and customers abandoning online interactions. To illustrate, according to a study from the FIDO Alliance, more consumers prefer retailers that allow them to log in and make transactions through on-device biometrics, such as fingerprint or facial recognition. Moreover, 60% of U.S. consumers believe retailers offering on-device authentication care more about their customer experience, 58% care more about their privacy and 61% believe they care more about their security.Although customer experience and satisfaction are foundational to business growth, organisations cannot ignore the implications of security breaches.According to Statista, the average cost of a data breach in 2023 grew to $9.48 million, and Verizon’s 2024 Data Breach Investigations Report (DBIR) states that 62% of financially motivated incidents involved ransomware or extortion, with a median loss of $46,000 per breach. Failure to comply with data privacy laws can also lead to very expensive fines. Past examples include a major online retailer’s $866 million fine and a consumer credit reporting agency’s $700 million fine for breaches that exposed customer data.Taking actionOne of the primary issues I see with businesses is that they view data privacy and identity management as distinct concepts, where:Data privacy focuses on protecting personal information from unauthorised access, use, disclosure or modification.Identity management deals with managing individual identities within a system and focuses on verifying who someone is and ensuring they have the appropriate access rights to specific resources or data.Establishing consumer trust while ensuring regulatory compliance requires businesses to approach these concepts with a unified perspective. This involves adopting a comprehensive approach to privacy, identity and compliance.Businesses should first gain a better understanding of where data is stored and the types of data collected and managed. This requires, among other things, carefully examining the existing legislative and regulatory requirements and those that may be enacted in the future.Next, especially regarding data collection and management, it’s vital to understand the organisation’s compliance obligations. While the importance of compliance is not a new concept, rapidly evolving changes in legal requirements are creating new challenges for many organisations. Ultimately, data privacy, along with identity and access management, must be intertwined with cybersecurity, compliance and the systems that manage them. Remember, compliance failures erode customer trust.Moreover, it is essential to ensure that a customer’s data is adequately protected and easily accessible without the need for complicated procedures. In simpler terms, privacy should be guaranteed without being excessively difficult to confirm, and the data must remain readily available to authorised individuals who require access.In today’s competitive landscape, it is crucial to prioritise the establishment and upkeep of customer trust. This can only be achieved through the implementation of effective and integrated data privacy and compliance practices. Any compromise or loss of customer or client data can permanently damage that trust.To learn more about our data privacy solutions, contact us. Find out more about our solutions: Data Privacy Consulting Protiviti’s data privacy consulting team understands the risks and challenges companies face in developing and maintaining effective privacy and data protection programs. Privacy as a Service (Protiviti PraaS™) Think of us as an extension of your team. We provide tailored, full-service support to assess privacy needs, implement and automate privacy-related functions, and respond to new and changing regulations. Privacy Compliance Compliance with current and future privacy laws such as GDPR, the Privacy Act 1988 (Privacy Act), and the Privacy and Data Protection Act 2014 requires disciplined execution. From developing a robust compliance strategy to managing consent order response and data subject requests for information, Protiviti can help. Data Security We help preserve your business value by protecting sensitive data while assessing and maintaining compliance with regulatory and contractual requirements. Leadership Michael Pang Michael is a managing director with over 20 years’ experience. He is the IT consulting practice leader for Protiviti Hong Kong and Mainland China. His experience covers cybersecurity, data privacy protection, IT strategy, IT organisation transformation, IT risk, post ... Learn More Alan Wong Alan is a director at Protiviti Hong Kong with over 21 years of experience in IT and security solutions and project management. He specialises in IT governance, risk assessment, regulatory compliance, and cybersecurity assessment and consulting. He also has an extensive ... Learn More Featured insights INSIGHTS PAPER Mastering Data Dilemmas: Navigating Privacy, Localisation and Sovereignty In today's digital age, data privacy management is paramount for businesses and individuals alike. With the ever-changing regulatory landscape surrounding data protection, organisations must adapt swiftly to ensure compliance and maintain trust with... WHITEPAPER Human v. machine: Tackling artificial intelligence risks in financial institutions In the novel Tell the Machine Goodnight, Katie Williams tells the story of Pearl, a technician for Apricity Corporation, which has developed a machine that “uses a sophisticated metric, taking into account factors of which we are not consciously... BLOGS Developing a security function during a CISO’s first 100 days These turbulent times of evolving threats and rising personal responsibility considerations for cybersecurity leaders make the CISO role a challenging but rewarding position. The CISO must contend with an increasing sophistication of attacks,... INSIGHTS PAPER How data sovereignty and data localisation impact your privacy programmes The concepts of data sovereignty and data localisation stem from a desire to keep data within a country’s borders for greater control. While the broad strokes of various privacy laws may be consistent across jurisdictions, governments will dictate... BLOGS Australia’s Privacy Act is fundamentally changing: What this means for your organisation Background On 16 February 2023, the Attorney-General’s Department released its Privacy Act Review Report (the Report) following a two-year review of the Privacy Act 1988 (Cth) (the Act). The Report contains 116 recommended amendments to the... Button Button
