Many companies have based their business models on collecting facts and statistics from their customers, accumulating big data which they analyze to improve not only customer experience, but also marketing, sales and product strategies. Or so they claim. The popularity of social media and digital operations have made it easier for businesses to gather reams of personal information, including emails, browsing history, habits, location, political beliefs and pretty much any other behavioral detail.
The problem lies with companies that collect credit card data, Social Security Numbers, health and financial records, because they expose customer data to major risks. According to a recent report prepared by Cornerstone Capital Group for the Investor Responsibility Research Center Institute, enterprises such as Alphabet, Amazon, American Express, AT&T, Facebook, MasterCard, Twitter and Walmart, which focus business efforts on gathering and storing consumer data for monetization purposes, could face serious privacy allegations in the near future. Consumers and legislators are, step-by-step, digging deeper into the matter, its consequences and, most importantly, who actually owns the data and who it is being sold to.
Soon, users may no longer be as indulgent and trusting with their data, and will proceed with more caution, especially when using devices that integrate data-gathering technology. While regulations such as GDPR aim to protect data and privacy, too many companies are still struggling with compliance, even though this means severe fines are right around the corner.
“As policymakers and consumers struggle with data privacy issues, investors need frameworks to understand both the different ways companies monetize personal data and the business risks those business models face,” said Jon Lukomnik, IRRCi executive director.
“Given the recent data scandals and the soaring level of concern around data privacy issues, investors are increasingly wary about how companies will evolve business strategies reliant on consumer data. As expectations for privacy shifts, some companies will flounder, and others will flourish.”
There is a general concern that the use and sale of data by enterprises affects data safety and curtails privacy. Data-collecting companies face sophisticated cyberattacks because data is a goldmine that anyone can monetize, including hackers. Information that is stolen can be manipulated and lead to identity theft and fraud, among other crimes, but businesses could also lose money, especially if they are no longer considered reputable and trustworthy.
An example would be this week’s breach announcement from T-Mobile. The telecom giant confirmed that cybercriminals used a vulnerable API to infiltrate their servers and steal the personal information of some 2 million US-based customers. Although company representatives said the hackers did not access passwords, financial information, and social security numbers, hackers still got away with names, billing zip codes, phone numbers, email addresses, account numbers and account types; information they could easily use in scam campaigns.
“The ambiguity of the current data privacy environment is unsustainable, and investors need to understand how social and governance issues like data privacy impact company performances,” said John Wilson, Cornerstone’s head of research and corporate governance.
“As data privacy concerns rapidly evolve, investors need to evaluate how well the company’s governance is positioned to manage changing norms, expectations and regulations that may affect access to data, stakeholder trust and, ultimately, company strategy.”