Many Consumers Don’t Trust the Way Companies are Using Their Data—and Businesses Need to Change that Perception

• Data privacy, particularly for personally identifiable information, has become more important for consumers.
• Many consumers do not trust how companies are using their data.
• Businesses need to take steps to ensure optimum data security and privacy.

Data might be the currency of the digital age, but its movement from person to person or machine to machine is not to be taken lightly. The importance of data privacy, especially when it comes to personal information, has grown in recent years and data protection will likely continue to be the focus of new government and industry rules and regulations around the world.

Much of the growing pressure to ensure better data security and privacy is coming from consumers, and organizations would be wise to note this trend as they look for ways to improve data protection.

A recent report by professional services firm KPMG shows just how much of an issue data protection has become for individuals. For its study, “New Imperative for Corporate Data Responsibility,” the firm surveyed 1,000 respondents in the U.S. online in May 2020. It found that U.S. consumers are becoming increasingly concerned with—and distrustful of—how companies use, manage, and protect their personal data.

More than half of those surveyed (56%) said they want more control over their personal data, and insist that both businesses and government entities must play an active role in protecting consumer data. A large majority of the respondents (97%) indicated that data privacy is important to them, with 87% characterizing it as a human right.

Consumers have become deeply suspicious of what companies are doing with their data, the report noted, and nearly 70% of the consumers do not trust companies to ethically sell personal data. Many don’t trust companies to use personal data in an ethical way.

With consumers saying they see data privacy as a human right and new data protection legislation expected in the coming years, it’s critical that companies begin to advance their privacy programs and policies, said Orson Lucas, principal, Cyber Security Services at KPMG.

Consumer demands for the ethical use of data and increased control over their own information needs to be a “core consideration” in developing data privacy policies and practices, Lucas said.

The task of protecting data can be daunting for organizations, especially when consumers themselves are not taking steps to avoid security risks. Although many survey respondents indicated that data privacy is important to them, most still engage in online behaviors they consider risky.

For example, about three quarters said they consider it risky to use the same password for multiple accounts, use public Wi-Fi networks, or save a card to a Web site or online store. But more than 40% of the consumers engage in those behaviors.

While about two thirds of those surveyed said they avoid opening email attachments from unknown senders, only 31% install mobile device security software and 20% use their own virtual private network (VPN) when possible.

Part of the challenge for cyber security teams will be getting employees and customers to do their part to protect their own data, noted Steve Stein, another principal for Cyber Security Services at KPMG. “Developing defensible notices with understandable language and data protection controls that guide employees and consumers have to be embedded in the data security agenda,” he says.

While most of the survey respondents said consumers themselves have a responsibility to protect their own data, even more of them want the government and companies to play a role. In fact, about 90% insist that companies and the government have a responsibility to protect consumer data.

The same percentage of respondents think the data privacy rights of the California Consumer Privacy Act (CCPA), namely the right to delete personal data and the right to know how their data is being used, should be extended to all U.S. citizens.

A large majority also said companies should put data privacy guidelines and policies in place, be held responsible for corporate data breaches, take corporate data responsibility seriously, and take the lead in establishing corporate data responsibility.

None of this should be surprising for IT and cyber security leaders and their teams, because these requirements should go without saying and in many cases are already in place. Any organization that isn’t taking data responsibility seriously can expect to experience a costly breach or other incident.

In order to provide consumers with increased control over their data, businesses should consider leveraging data discovery and protection tools, the report said. They should also explore innovative uses of blockchain and artificial intelligence (AI) technologies that can help them better track the source of their data, assure its accuracy, make it easily discoverable, protect it, and create greater external visibility into the data being collected.

Many enterprises have stated their intent to make security and data privacy a high priority. In another survey conducted by KPMG in March and April 2020, this one including 600 global technology executives, the firm found that improving cyber security and data privacy is one of the top four objectives for which organizations are investing in emerging technologies. These technologies include process automation, smart analytics, cloud computing, AI, and blockchain.

The “digital revolution” has given businesses the ability to develop deep insights into the lives of their customers, the report noted. The widespread adoption of ecommerce, smartphones, and social media have enabled companies to routinely know where their customers live, how old they are, where they shop, what they purchase, and how they pay for goods and services.

But companies must take steps now to keep pace with expectations, the study said, or risk losing access to the data that increasingly drives strategy, insights, and success.