Who to trust with your data?

5 steps to check if a brand is privacy trustworthy

In The Customer’s Data Revolution I describe how we are witnessing an unprecedented transfer of data ownership from the business to the consumer. The change is driven by government regulation, but is also the result of rising global consumer awareness of how personal data is used. This is exciting, but how can you really trust that data is used and protected the way companies tell us? After all, most people don’t trust how companies use their data (see for instance this study), so this is important.

As a professional who works on protecting important customer data, I try here to give you the unfiltered list of what you can do to check how trustworthy a brand is.

1. Can you find and understand their data security and data protection promise to you?

See if you can find a company’s privacy page. If you find it, do you understand what it says? If the only thing you find is a privacy statement with loads of legal text, you should be worried. I’m not saying that the legal text is wrong in itself. Companies may be required by regulation to have one. However, the legal text should be supported by text that is understandable. Check whether they commit to a promise to you on data security and privacy. Also, do they explain how your data is used and stored?

One good example of a privacy page, from my point of view, is the one presented by Apple: https://www.apple.com/privacy/

2. Are they strongly regulated?

Some industries are strongly regulated in their use of data. Because of the new GDPR regulation coming in May 2018, all companies operating in Europe are expected to tighten their handling of your data. This is due to rather strict fines for non-compliance with the new regulation. Similar regulations are being planned in other countries as well. Furthermore, there are some industries that are strongly regulated in security and data protection by law.

Watch out for the level of corruption in the country (by looking at the corruption indexes published on the web). That can be an indication that regulations that look good on paper are not really followed through.

Some clear examples of strongly regulated industries are European-owned telcos and banks. These companies are really worried about breaches being found in audits (due to high fines) and have both the European data protection regulators and their own industry regulators watching over them.

3. Have they had breaches before and how has that been handled?

Having had one breach that compromised company data is not necessarily negative. It may have had the effect of really hardening a company’s policies around data security. Hence, search for past breaches at the company. If there has been a breach, look at how humbly the company handled it and what public changes it triggered. If there have been repeat breaches and the company is trying to hide them, be suspicious. If they really have taken strong action after the breach, it may be a very good sign.

Here is a list of the biggest known data breaches of the 21st century.

4. Is it easy to manage your data on their platform?

A data control panel is what you want to look for here.

There is always some data processing that comes with using a service. This basic, necessary data processing may vary greatly from service to service, but most companies must, for example, be allowed by contract to store your data so that you can be billed or contacted.

All other data processing not covered by the contract (processing like personalization or promotional product offerings) should in principle be possible to opt out of. Further, for an increasing number of use cases you must actually opt in (give consent) for the company to use your data for that case. One example of opt-in processing (under European law) is if the company is going to sell your data to third parties.

Many companies now offer or are launching this kind of control panel. There are many examples of these control panels among the major digital players. Just search for “privacy checkup (company)” or “privacy control panel (company)” and you should find it.

When using a data control panel, look for ease of use, but also see if you can get a high degree of granularity in your control. Often, brands omit the option to opt out of being targeted by marketing or of having your data sold. These are exactly the options a trustworthy brand should give you.

5. Have you tested them on data transparency and did the experience increase your trust?

This is one of the coolest things you can do. In many countries you should be able to contact customer service or go online and get a data report of all the information that the company has on you. You should also be able to delete all the data a company has on you (but then you are terminating the service, so be certain about this).

Many major digital companies (Facebook, Twitter, Google, etc.) have these features built into their platforms. You might be surprised when you read how much data they have collected on you.

However, test other brands you use as well: contact your airline, your bank or your retail loyalty card provider and request all the data they have on you. If a company takes your data protection seriously, they will help you find the data and be welcoming in the dialogue. Again, you might be surprised by the amount of data that can surface. A word of caution here: when a company releases data, it is important that they correctly identify you before your data is sent. If they don’t do that properly, a warning flag should be raised, because then someone other than you can get access to the data.