The digital universe
Our lives are tangled up in the internet. It’s difficult to go an hour, much less a day, without firing off an email, reading the news, or scrolling through social media. These exchanges are made possible by the “Internet of Things” (IoT) — a universe of connected technology which includes mobile phones, computers, wearables, and other “smart” devices. Forecasts indicate that this universe will expand to around 29 billion connected devices by 2022[i], an 81% increase compared to 2016.
IoT devices have dramatically increased the volume of data generated each day. Today, our accumulated digital universe of data is 4.4 zettabytes. By next year, this number is expected to multiply ten times, reaching 44 zettabytes, the equivalent to 44,000,000,000,000 gigabytes. If numbers make your head spin, brace yourself – this infographic from Raconteur shows “A day in data.”
We are living in the digital age. Technology has enabled rapid communication and increased productivity, but it’s also changing the way we live. Your digital activity is a fingerprint – an expression of identity formed by your Google history, Bumble profile, and Netflix queue. While your entertainment or purchase history may not feel immensely personal, you may feel more sensitive about your financial or medical history.
How companies use data
Data is used in a myriad of ways. Companies can improve their products and services with it, but they can also share it with business partners or sell it to third parties. As Louise Matsakis explains in the Wired Guide to Your Personal Data (and Who is Using It), sometimes consumers benefit from data collection (think: improved Spotify recommendations) but other times, data is mined and sold to the consumer’s detriment (think: telemarketers). Even details like How you Type, Swipe, and Tap are being put to use. Big data has tremendous commercial value – in 2018, U.S. companies spent nearly $19.2B on data for advertising and marketing efforts.[ii]
Cue the TED Pros and Cons of Digital Life playlist which explores how hyper-connectivity is “rewiring our personal lives.” In their TED Talk video, “What your smart devices know (and share) about you”, journalists Kashmir Hill and Surya Mattu tap into that sneaking suspicion we all have – that our favorite devices are collecting and sharing our personal data.[1] Kashmir and Surya conducted a 2-month experiment where they installed 18 connected home devices and monitored how often they relay data to external parties. The journalists found the devices were in constant contact, including one device which shared data every 3 minutes. Surprised? They were. Their reaction points to an underlying social issue that many users don’t know what data is being collected or what it’s being used for.
Data Breaches
Consumers are increasingly aware of security risks related to personal data. In 2018, the Identity Theft Resource Center tracked 1,244 U.S. data breaches which exposed over 446 million records of personally identifiable consumer information, a 126% leap from the prior year[iii]. Just this month, Capitol One’s data breach exposed 140,000 U.S. Social Security numbers and 80,000 bank account numbers. Despite their best efforts, leading companies are challenged by the volume and variety of cyber threats. We depend on technology more than ever and companies are struggling to protect it — a fact that’s fueling unease and distrust. As early as 2014, a Pew Research Center survey on social media captured this sentiment, “[Americans] are anxious about all the personal information that is collected and shared, and the security of their data”.
Regulation
In 2016, the European Parliament acknowledged that legacy privacy regulation lacked the provisions to protect citizens in our modern, digital economy. In 2018, the E.U. General Data Protection Regulation (GDPR) went into effect, requiring business to protect privacy in new ways. These include obtaining consent before using customer data, providing consumers the “right to access” the personal data collected, and explaining what personal data is used for. Importantly, GDPR applies to all companies processing and holding the personal data of people living in the European Union, regardless of where the company is located. The shift is happening across the globe with forthcoming regulations in California, Brazil, and India. In this new landscape, companies must take a proactive approach or pay the price. In January 2019, the French data protection authority fined Google 50M euros for breaching GDPR with a “lack of transparency, inadequate information, and lack of valid consent regarding ad personalization.”
Why Companies Should Tackle Privacy
Fast forward to 2019. Privacy has rocketed to the top of the corporate responsibility priority list. Stakeholders are taking notice — companies who lag on privacy are exposing themselves to reputational, financial, competitive, and regulatory risk.
- Governments are regulating privacy to protect consumers
- Investors are concerned with privacy and security risks due, in part, to financial impacts. The average breach costs $3.92M [iv] in regulatory fines, remediation costs, and lost business
- Business partners recognize their success depends on the ability to share and protect sensitive information
- Customers want to know what data is collected and how it’s used. They want their data secured with best available technology and proactive management
Customers are tuning in to data privacy issues and companies who ignore their needs risk losing business. Compliance is the bare minimum and may not be enough to retain customer trust. Only 25% of consumers feel most companies handle their sensitive personal data responsibly and only 10% feel they have complete control over their personal information[v].
According to Pew Center research, Americans understand that by providing information to companies, they may receive something of value in return. Additionally, their perception of company trustworthiness, influences willingness to share personal data[vi]. This means customers are open to sharing data, provided they understand the benefits and believe the company has strong privacy practices.
The Solution
It’s early days for digital Privacy, but the practice of building and maintaining trust is well-trodden CSR ground. Building on a foundation of compliance, companies should develop strong privacy policies and the clearest possible communications to explain them to their customers. The current norm of ticking “I agree” to a long legal document, does nothing to build customer trust or provide informed choices.
A strategic communications approach to inform, educate, and empower customers is needed. To resonate, a company’s privacy communications should be in alignment with company values and address customer concerns. Communications tailored to customer needs are a natural next step for corporate privacy programs.
[i] https://www.ericsson.com/en/mobility-report/internet-of-things-forecast
[ii] https://www.iab.com/news/2018-state-of-data-report/
[iii] https://www.idtheftcenter.org/consumers-at-risk-126-increase-in-exposed-consumer-data-1-68-billion-email-related-credentials/
[iv] IBM 2019 Cost of a Data Breach Report
[v] https://www.pwc.com/us/en/advisory-services/publications/consumer-intelligence-series/protect-me/cis-protect-me-findings.pdf
[vi] https://www.pewresearch.org/wp-content/uploads/sites/9/2016/01/PI_2016.01.14_Privacy-and-Info-Sharing_FINAL.pdf
[1] The European Commission defines personal data as any information that relates to an identified or identifiable living individual.
