Building Security, Privacy and Trust By Respecting Personal Data

David T. Blonder


June 22, 2021

Person in a suit holding an umbrella over a miniature shopping cart and bags.

The COVID-19 pandemic forced corporations to shift largely overnight to a principally remote, work-from-home business model that accelerated digital transformation and forced companies to navigate previously uncharted ethical and legal waters regarding obligations around the collection, storage, and use of personal data.

This rapid transformation has placed both corporate and personal data at greater risk than during pre-COVID times. As companies adapted to the developing privacy legal landscape and increased public scrutiny that comes with it, their ability to demonstrate and communicate adequate safeguards around data became critical to earning consumer trust.

Every company has a vested interest in protecting and respecting the privacy of its employees and customers. Failure to secure these kinds of vital data and be transparent around collection, use, protection and retention can create a significant existential threat to business and brand reputation. As in professional lives, corporate reputations can take years to build, but only minutes to lose.

Security + Privacy = Trust

In the digital world, consumers have greater expectations of the businesses they interact with than ever before. With a wealth of available alternatives and competitors, customers can vote with their wallet. Indeed, this is reflected in a recent survey from Salesforce, which revealed that 95% of customers said that feeling like they can place trust in a company makes them more likely to remain loyal.

At the same time, the 2020 Consumer Privacy Survey from Cisco found that 60% of survey participants were actively concerned about how their data is being protected, as they work, learn, and even visit the doctor remotely, using video streaming and cloud applications. Together, these findings paint a clear picture that consumers are increasingly likely to end a relationship with a firm if they feel that personal data is abused or compromised.

The recent Protecting Data Privacy During the Pandemic and Beyond report from Cisco sought to identify top concerns about personal data during the pandemic. Nearly a third of respondents (31%) worried that their data will be used for unrelated purposes, and one in four were concerned that their data will be shared too broadly with third-party companies. Almost a quarter (24%) had suspicions that their data will not be deleted or anonymized when it is no longer needed for its original purpose.

This illustrated why transparency around the use of collected personal data is crucial. It is telling that just under half of those surveyed did not feel they could adequately protect their own data. The top reason given among 79% of respondents was that they do not have adequate insight into what companies were doing with their data. It is difficult—if not impossible—to establish trust when there is a lack of transparency between a business and its customers.

Risk professionals should not underestimate the critical importance of these findings. Many in the industry have a false sense of security, assuming that customers are not engaged or active enough to change their spending habits in response to data misuse. This mindset, while it may be reassuring, does not hold up to more modern trends. Businesses cannot wait until after a data scandal to tighten their data protection practices. By that time, their reputation as trustworthy custodians will already be in tatters and customers will have taken their business elsewhere.

By getting ahead of the issue and building privacy into defined processes, companies can not only avoid potential future crises from springing up, but also demonstrate that they are aware of the importance of privacy and trust, they are aware that this matters to consumers, and be willing to do something about it. Customers do pay attention to these issues and being proactive and responsive to privacy issues will help keep your reputation and bottom line intact.

Respecting Privacy and Protecting Personal Data

 Protecting data does not need to be complicated. Indeed, a simpler approach exists whereby employees at every level can easily follow and is likely to be far more effective. The following four tenets capture the spirit of respectful and intelligent data handling:

  • Know what makes data personal. The definition of personal data is broad and applies to any information relating to an identified or identifiable natural person. It is nearly impossible to protect personal data without knowing what it is.
  • Start with why. There must be a clear and lawful business purpose for collecting personal data. If you cannot credibly provide this reason, do not collect it. Also, access to personal data does not mean you can use it for any purpose. Its use must be limited to the original purpose for which it was collected—this is a fundamental pillar of creating and maintaining trust.
  • If you collect It, protect it. If you collect personal data, it is imperative to ensure that appropriate security controls are implemented to keep it safe from inappropriate or unauthorized access.
  • Security does not mean privacy. While it is possible to have security without privacy, it is impossible to have privacy without security. Privacy is about handling personal data ethically and responsibly. This is why security is an integral part of ensuring that transparency of privacy practices can be achieved.

All employees can play a role in protecting and respecting the privacy of customers, prospects, partners, and visitors, and identifying practices that do not support this important mission. On an individual level, the simple (yet effective) message to convey to employees is “if you see something, say something.” Companies should promote a culture of responsible data use with C-Suite support and without fear of reprisals for pointing out practices that do not align with building consumer trust.

Organizations that demonstrate responsible and transparent practices in the handling and protection of customer, partner, and employee data can differentiate themselves from competitors and maintain a competitive advantage in the market, while creating a relationship of trust. Without this trust, customers will not reap the rewards and benefits of secure and innovative technologies and companies that do not engage in responsible data collection and use will be hindered from bring innovative and pro-competitive products to market.

David T. Blonder is senior director, legal counsel and data protection officer at BlackBerry.