Building Strong Customer Relationships through Data Privacy and Consent

Data privacy isn’t a new concept, but it’s recently taken on some very public urgency. In the nearly two years that have passed since the Cambridge Analytica scandal broke, customers have become more wary of handing over their data to businesses and much more cynical about what those businesses will do with their data once they have it. 

In a bit of a paradox, that cynicism hasn’t led (yet) to a wholesale withholding of personal information online, as studies show that the global public is “giving away more personal data than ever, despite the risks.” But while privacy concerns may not be stopping your customers completely from handing over their personal data, ideally they give you their data because of what you do with it, not despite what you do with it.

By paying careful attention to data privacy now, you set the stage for stronger relationships and create an environment in which both you and your customers will reap the rewards.

Before we tackle why data privacy is so vital to your business, let’s establish what we mean by the term. Data privacy revolves around how you gather and use a customer’s personal data. You’re protecting that data by collecting and using it only in ways the customer wants. In other words, it’s all about customer consent. 

Data privacy is related to the concept of data security in that if a customer’s data is exposed through a security breach, their privacy is also violated because they obviously hadn’t consented  to sharing their data in that way. But in this post we’re focused on the cases where you (and not a bad actor) potentially misuse customer data.

Following are three key reasons why you need to safeguard your customers’ data privacy.

#1 Your Customers Want It

Your customers care about data privacy—a lot. In the Ping 2019 Consumer Survey, Trust and Accountability in the Era of Data Misuse, which surveyed consumers in the United States, the United Kingdom, Australia, France and Germany, we discover just how much:

• More than one half (55%) of people say a company sharing their personal data without permission is more likely than any other scenario to deter them from using that brand’s products, even more than a data breach (27%).
  
  
• People expect privacy issues to get worse: 39% ranked data privacy as their number one technology concern for the next year, above security, surveillance, disinformation online or automation.
  
  
• Privacy issues outrank security for consumers when choosing a login method. Biometrics, for example, was ranked as the second-most secure login method and the second-most convenient. However, 49% report having privacy concerns with facial recognition, a common form of the technology.

People care about data privacy so much, in fact, that here in the United States, citizens are in favor of the national government stepping in and doing something about it. A survey from Arm Treasure Data found that “more than 70% of [Americans] favor a data privacy law at the federal level.” 

They may soon get their wish. This leads us right to the next argument for engaging in strong data privacy:

#2 You Comply with Regulations

Businesses with customers in Europe or California, to name just two regions, already have first-hand knowledge of what it means to operate under relatively strict data privacy regulations. The EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are two of the strongest pieces of legislation to date that impose strict controls over what businesses can do with end user data. Add industry legal requirements like HIPAA to the mix, and you are facing a mosaic of multiple consumer data protection regulations.

Exactly what shape data privacy compliance takes varies, of course, depending upon the legislation, but what these pieces of legislation have in common is the promise of stiff penalties for non-compliance. Under CCPA, for example, the California Attorney General may bring an action against a company for up to $2,500 per negligent violation, and the fine increases to $7,500 per intentional violation. Additionally, the private right of action grants citizens the right to sue for statutory damages of $100-$750 per data breach incident if a company fails to maintain reasonable security.

You aren’t immune if your business doesn’t operate under these location or industry constraints, however. The regulatory landscape is changing, and here at Ping we expect that GDPR and CCPA are just the beginning and that other countries and states will follow suit. In 2019, at least 25 data privacy bills were introduced in U.S. state legislatures. It will be more painful for your business to try to retrofit later than to take care of data privacy now. 

#3 You Create a Better Customer Experience

If legislation is the stick, the customer experience is the carrot that can entice you to safeguard your customers’ personal information. The benefits of a great end user experience are obvious, but sometimes companies overlook the data privacy aspects in favor of creating beautiful experiences. 

The two aren’t mutually exclusive, though. When you use data intelligently to boost personalization, your customers get significant value through customized preferences along with tailor-made services and offerings. In addition, when you respect your customers’ privacy, you’re building trust, and that trust carries through in every interaction and colors the user experience. (A side benefit is that the more a customer trusts you, the more likely it is that they’ll give you their data.) The UX isn’t just about the mechanics of how a customer interacts with you; it’s also about how they feel about those interactions. Being a good data steward helps you serve your customers better and makes for a better customer experience.

Both businesses and customers may agree on the need for data privacy, but a whole host of current practices show that there are numerous strategies for securing it—some more successful than others. Posting online notifications that you track cookies or sending out a 25-page terms of service agreement is not protecting data privacy. Instead, you need a true data privacy solution like customer identity and access management (CIAM).

CIAM is ideally suited for protecting data privacy in that it helps your business collect and enforce consent. Data privacy is baked into CIAM; you gather end user consent and comply with their wishes, making sure the data is used in the way it was meant to be used. 

Take consent enforcement, for instance. With CIAM, when applications request customer data, only the approved data that customers have consented to is returned. Keep in mind that app teams can’t just take a privacy policy your legal team has written and magically convert it into code. When consent is needed, the data returned to applications based on that consent needs to be centrally managed. App teams shouldn’t have to do anything except request user data and get only compliant data in return. 

Specifically, CIAM can help with these important aspects of consent:

1. Easy consent capture. Customers should be able to decide who is exposed to their data by giving you their consent to share it. By its nature, a solid CIAM system is designed for capturing customer consent. CIAM simplifies consent capture across channels and enables you to drill down for specific attributes. It allows you to enforce consent choices based on geographic, industry or other policies, or on sharing data with groups like internal teams or external partners. In addition, many CIAM systems enable transaction consent and approval, an important multi-factor authentication (MFA) use case. Also, just because a customer has given you consent once doesn’t mean it lasts forever. CIAM also allows the customer to revoke consent.
   
   
2. Self-managed profiles. It isn’t enough for your business to be handed customer data so that you can manage it; your customers should have a say in accessing and controlling their consent. CIAM enables your customers to see and make edits to their consent (and other) data, thanks to pre-built user interfaces and APIs, and enforces their preferences across all channels and devices. And since identity silos interfere with consent management, CIAM consolidates identity silos and creates unified customer profiles through tools such as real-time or scheduled bi-directional sync, the ability to map data schemas, support for multiple connection methods/protocols and built-in redundancy, fail-over and load-balancing.
   
   
3. Data access governance. Data privacy management solutions help you give customers what they want by providing fine-grained data access based on real-time consent records. Data governance is an important component of a CIAM solution, serving up fine-grained authorization for data that enables administration and enforcement of attribute-level authorization policies. When you enforce consent and provide for granular data privacy preferences, you give customers authority over who can view their data and how it can be used.

Not only does CIAM address these critical aspects of consent capture and enforcement and ensure you’re following data privacy best practices, but it helps you comply with data privacy regulations such GDPR and CCPA. For instance, CCPA articles 1798.120 and 1798.135 govern an individual’s right to opt-out, stating that a business must also give its customers the right to withdraw their consent at any time, and a CIAM system allows exactly that with its consent capture capabilities. Or, consider how a CIAM system can address the data governance requirements spelled out in GDPR’s article 32, whereby internal and external applications are allowed access to only the particular subset of identity attributes necessary.

In the end, data privacy isn’t just about complying with regulations or being open about how you use customer data. It’s about treating your customers the way they want and deserve to be treated. CIAM is uniquely suited to help you with this challenge of enforcing consent to build trust and loyalty with your customers. To learn more about implementing privacy and consent management, read the executive brief "How to Balance Personalization and Privacy for Outstanding Customer Experiences".