SecureRedact

View Original

Consumers are reaching a “tipping point”: personal data management is a priority - laws and company practices should reflect that

The growing education around data privacy from the media and politics, along with Big Tech companies consistently appearing in the news for mishandling data, means that consumers are getting more up to speed with their privacy and data protection rights. 

The pandemic has become an effective “tipping point”: consumers are no longer willing to give up their personal data freely, using this growing awareness around digital privacy to inform how they interact and use certain companies and platforms (1).

According to KPMG, 76% of the US general population say they want more transparency around how their personal data is being used by companies and 40% say they would willingly share their personal data if they know exactly how it would be used and by whom (2).

Additionally, 40% of the US general population say they don’t trust companies to act ethically with their data, with even 13% reporting they don’t trust their own employer (3).

On a more global scale, CISCO’s 2021 Consumer Privacy Survey showed that 79% of consumers are willing to invest more time or money to better protect their privacy, and 47% of respondents said they had switched companies or providers over their data policies or data sharing practices (4). 

This is on top of the fact that 46% of respondents felt they were unable to effectively protect their data and 76% said they found it hard to know and understand how their information is being used - one of the main reasons for this was a lack of transparency of businesses concerning their data practices (5).

They also found that 33% of respondents left social media companies, 28% left ISPS, 19% terminated relationships with a retailer, and 18% left a bank or financial institution - all because of data privacy and cyber security concerns (6).

Consumers want companies to take more responsibility for data protection, not just making it an afterthought, but clearly emphasising it as a core business principle.

This includes: 

  • Clarity around why their data is needed, who it is shared with, and how it is shared, in a digestible way that is not hidden in complicated jargon-heavy privacy policies. 

  • Accountability for when their data is compromised. If there is a breach, they want companies to recognise the problem, own up to it, and rectify it quickly, as opposed to sweeping the issues under the rug. 

With data protection laws like GDPR, breach notification is now a legal requirement but there are still pockets of the world that do not have comprehensive privacy legislation where reporting these issues is an option as opposed to a necessity.  

As a result, people are looking for more formal and stringent legislation to protect their data. 

In countries where there isn’t a comprehensive data privacy framework in place, there is a growing public appetite for that to change; another KPMG study found that 87% of the US population and 76% of business leaders agree there should be more rules and regulations around data collection, management, and storage (7).

Likewise, a greater percentage of both groups believe the federal government should be in charge of making this happen, as opposed to businesses themselves, state or local governments, or consumers.

Whilst it is true that consumers aren’t as informed on the ins and outs of data protection laws as they could be, these policies are viewed very positively around the world, and with more specific legislation, it means that companies will be more accountable for “following the rules” (8).

Due to in person-restrictions and numerous lockdowns, consumers have been turning more and more to online avenues for their daily activities like shopping and banking. As businesses have made moves to accommodate this surge of online users, consumer expectations for secure transactions have grown.

In fact, Experian’s 2021 Global Identity and Fraud Report found that 55% of consumers say that security is their top priority with online transactions (1). 

Opinions on authentication have shifted - passwords are becoming a thing of the past. Even though the average person has about 100 passwords, consumers are leaning more towards “invisible” methods of authentication: fingerprint or facial recognition or multi-factor authentication, as a means to provide better security and identity verification (2).

So much so that 74% of consumers ranked biometric security authentication as the most secure method, followed by 72% endorsing PIN codes sent to mobile devices (3)(4).

However, with these forms of biometric authentication, there is still a challenge with how personal data is secured and stored, as they contain sensitive information which could be vulnerable to being compromised. Should biometric data be hacked, unlike passwords and pin codes, biometric data is in itself an immediate, identifiable, and objective portal into an individual. 

Part of why consumers are shifting towards these invisible methods of authentication is because there is a growing concern around data privacy, and an even more urgent need to protect personal data. Security around how biometric data is stored and encrypted is essential, as well as further steps such as anonymisation. 


This is part of a 5 part series, “Consumers are moving to services that protect their data and privacy”, which will explore consumer attitudes towards data privacy, social media and video surveillance - in an age where technology is relying more and more on personal and biometric data.


References: 

  1. https://www.forbes.com/sites/jenniferhicks/2020/10/27/heres-how-2020-created-a-tipping-point-in-trust-and-digital-privacy/?sh=2e020d204fc5 

  2. https://advisory.kpmg.us/articles/2021/bridging-the-trust-chasm.html?utm_source=vanity&utm_medium=referral&mid=m-00005652&utm_campaign=c-00107353&cid=c-00107353 

  3. https://advisory.kpmg.us/articles/2021/bridging-the-trust-chasm.html?utm_source=vanity&utm_medium=referral&mid=m-00005652&utm_campaign=c-00107353&cid=c-00107353 

  4. https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-cybersecurity-series-2021-cps.pdf?CCID=cc000742&DTID=esootr000875&OID=rptsc027438 

  5. https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-cybersecurity-series-2021-cps.pdf?CCID=cc000742&DTID=esootr000875&OID=rptsc027438 

  6. https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-cybersecurity-series-2021-cps.pdf?CCID=cc000742&DTID=esootr000875&OID=rptsc027438 

  7. https://advisory.kpmg.us/articles/2021/bridging-the-trust-chasm.html?utm_source=vanity&utm_medium=referral&mid=m-00005652&utm_campaign=c-00107353&cid=c-00107353 

  8. https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-cybersecurity-series-2021-cps.pdf?CCID=cc000742&DTID=esootr000875&OID=rptsc027438