×

In the age of big data, big security breaches, and one-to-one marketing, U.S. consumers are increasingly dubious of consumer product companies’ security and privacy practices.

Although consumers readily share their email addresses, demographic and socioeconomic details, and much more with businesses in exchange for special offers, they increasingly have qualms about sharing this data and want assurances companies are taking appropriate measures to protect their personal information.

Data from a Deloitte survey of 2,001 U.S. consumers¹ shows many are wary of both the value they receive from sharing their personal information with consumer product (CP) companies and of CP companies’ policies and practices for protecting their personal data. The survey results also reveal many consumers’ purchasing decisions are influenced by CP companies’ security and privacy practices. For example, an overwhelming majority of survey respondents say they’re more likely to purchase from CP companies they believe protect their personal information and are more likely to avoid CP companies with security and privacy practices they view as inadequate. (For details, see, “Executives Underestimate Importance of Security, Privacy to Consumers.”)

Given the degree to which security and privacy influence consumers’ purchase decisions, and given their generally lukewarm impressions of CP companies’ data protection measures, CP companies have work to do to gain consumers’ trust, observes Frank Milano, a partner with Deloitte & Touche LLP. Yet this work also represents a potentially significant business opportunity.

“Strong data privacy and security practices not only help mitigate cyber risks but also present a potential source of competitive advantage,” says Milano. “Our survey results suggest the security and privacy field is wide open for CP companies wishing to differentiate themselves by building a reputation for respecting and protecting consumer data.”

The following considerations can help CP companies—and companies in other business-to-consumer industries including financial services and health care—strengthen their data privacy and security practices and, in so doing, improve consumers’ perceptions of them.

Think like a consumer. Companies with reputations for carefully handling consumer data put consumers at the forefront of their security and privacy planning and practices, according to Milano. They adopt a consumer mindset when developing strategies for using and protecting consumer data. For example, when deciding what data to collect and how to use it, these companies consider how consumers might interpret their policies and activities. They ask:

What data do we need to collect to improve the consumer experience at various stages of the consumer life cycle?

Which marketing efforts might consumers view as intrusive rather than helpful?

In what situations or for what types of data or analyses should we first seek opt-in consumer consent?

How do we avoid collecting and storing excess consumer data we don’t use or need?

To better understand consumers’ perspectives on security and privacy, Milano suggests segmenting customers based on their awareness of—and level of concern for—these issues. In other words, develop a strategy based on the views of the consumer segment that is most concerned with data privacy and security. “A company that addresses the needs of this discerning segment is more likely to exceed the expectations of others,” he says.

Use your privacy policy as a tool for building trust. A clearly written and readily available privacy policy not only educates consumers of the steps a company has taken to protect them, but also builds trust. And trusting consumers may be more willing to share personal information, observes Milano. Privacy policies written in legalese, that are more than a dozen pages long and printed in a tiny font size, tend to have the opposite effect, he adds.

To revamp a ponderous privacy policy, Milano recommends shortening and simplifying it. “Many consumers skim, rather than carefully read, privacy policies, so getting the main messages across quickly and simply is critical,” he says.

To that end, Milano proposes leading with easy-to-understand language that clearly states the specific data the company collects, how the company protects and uses this data, how consumers benefit from the company’s practices, and how consumers can opt in and out. “Leaders should view their company’s privacy policy as a strategic communication that maintains and even builds trust by committing to safeguarding consumers’ personal information,” he says.

Elect a chief privacy officer. Responsibility for data privacy doesn’t typically roll up to a single executive inside consumer product companies due to their size and complexity. As a result, privacy issues sometimes lack the attention they deserve. A corporate privacy officer who reports directly to the CEO, however, can help change this dynamic. A privacy officer supported by the CEO and regarded as a peer to the CMO, CIO, and general counsel generally possesses the political and budgetary authority to establish a privacy policy and oversee its implementation throughout an enterprise. Says Milano, “A company that puts its top privacy officer in the C-suite sends a message to the marketplace that it respects consumers and handles their data with care.”