Building trust-based relationships with clients has always been important for successful business practice. As the global data pool grows and consumer fears over personal privacy increase, it may become make-or-break.
In the last two years, we have created 90% of the total data in the world today. In a day, we spit out an average of 2.5 quintillion bytes – and counting. From smart watches that monitor our heart rates to chat-bot therapists who manage our anxiety, nearly every aspect of our lives can be digitized. This undoubtedly provides us with immense benefits – increased speed, convenience and personalisation to name a few. Yet it also gives rise to a challenge: how do we protect our right to privacy?
Anxieties over internet privacy are nothing new. As the data pool continues to expand however, they have been picking up steam. Hacks and other tech-related scare stories are now a daily occurrence on our newsfeeds – and they are increasingly hitting closer to home. Back in May 2017, the credit card details and passwords of nearly 700,000 UK citizens were compromised when Equifax fell victim to a hack. Even our private conversations don’t feel safe, as it emerged that Google’s new Home Mini had been accidentally recording its users without their knowledge.
Corporations themselves are also a target of consumer fear, and they are beginning to pay the price. According to recent research, US organisations alone lost $756 billion last year to lack of trust and poor personalisation, as consumers sought out alternatives. UK consumers share similar anxieties; nearly 80% of cite lack of confidence in the way that companies to handle their information as an extreme source of concern, while just under half now view data sharing as a “necessary evil” – something they will do reluctantly if they deem the reward high enough.
These findings aren’t an anomaly. Statistics gathered last year by the ICO show that only 22% of UK consumers trust internet brands with their personal data; more shockingly, they highlight that while over 50% of consumers trust High Street banks, only 36% have confidence in Governmental bodies to manage their data properly.
The price of complacency
So far, companies have largely managed to side-step the more serious consequences for consumer mistrust and data mismanagement. Not all have been lucky though. The notorious Ashley Madison hack in 2015 is a prime example of just how damaging loss of trust can be. The website, which provided an online platform enabling married people to conduct affairs, fell victim to hackers who published a digital “name and shame” list of its clients. For a business whose model was so dependent on trust and confidentiality, this proved disastrous. Despite the organisation’s insistent claims otherwise, analysis by SimilarWeb revealed that monthly site traffic had plunged since the attack, dropping by nearly 140 million a mere four months after the attack.
For some, the fallout is less dramatic – but still worrying. Take Uber’s breach for example, which dragged its already battered corporate reputation through the mud once again after it was revealed that the ride-sharing company had tried to cover up a 2016 data hack affecting 57 million customers. The immediate furore that followed this has raised some immediate problems for the firm, including the threat of prosecution and impending investigations by multiple countries worldwide. Even more problematic for Uber are the wider-ranging consequences of this cover up.
In combination with their potential loss of the London market and recent workplace scandals, this disastrous year has materialised into real financial impact; at the close of this quarter, Uber logged record losses of $1.5 billion, a $400 million increase on previous quarter and a far cry from their triumphant predictions of growth at the beginning of 2017. In a particularly telling sign, Uber’s investors also appear to be hedging their bets. Fidelity, who already have a significant stake in Uber, announced recently that they had participated in a funding round for Uber’s closest competitor, Lyft, pushing the latter’s valuation up to $11.5 billion.
Unlike Ashley Madison, Uber’s problems arose not so much from the hack itself, but from their attempt to cover it up. But despite the evident lesson here, this is a scenario we could see again. Over 2/3 of UK boards currently have no training to deal with a cyber-incident and estimates suggest that only 20% of companies have appropriate response plans in place. For Uber, the ultimate consequences of its misconduct remain to be seen; for the moment, they are protected by their largely unique offering, which gives consumers limited alternatives. Should it happen to a business without Uber’s dominance, it could prove fatal.
How can organisations move forward from here? In the current climate, it is unlikely that consumers will ever wholly withhold their data, as they place value on the services that giving away that data provide – as much has been shown by the fact that risky “data trade-offs” like Uber manage to survive.
However, as awareness of the risks and the stakes of losing data to a hacker increase, they are looking increasingly selective about who they choose to share their information with. As more and more information shifts from physical to digital, businesses must be prepared for change. We may be heading towards a future where access to data is no longer a handout but a privilege, hard won by effective risk management and transparent, secure systems that hand back sovereignty to the customer. To retain this privilege, businesses – especially those in crowded markets- should make effective data strategies an utmost priority.
Power to the people
So what makes an effective data strategy? For businesses, the answer to this question has, in part, been dictated by the introduction of GDPR in May; but while some businesses have only grudgingly fallen into line with the dictums of transparency and privacy, opportunities exist for those who embrace the new legislation.
Microsoft is example of one such company. In the weeks following GDPR’s introduction, it has made much of its new approach to user privacy and data, extending GDPR style privileges to its entire global customer pool (not just those based in Europe), and creating a new, user-friendly data management platform, which empowers individual users to view, maintain and delete data which Microsoft hold on them. Most importantly of all, they have provided clear, detailed information detailing why it benefits consumers to share their data with Microsoft. At its essence, their new approach can be reduced to three key components: respect, access and utility.
This is no simple exercise in corporate vanity. Microsoft’s approach has won it favourable comparisons with other big corporates such as Facebook and Google, who remain technically compliant but have tried to manoeuvre around “the spirit” of the legislation – and have consequently faced a significant backlash from clients. It also positions Microsoft as the antithesis of the “evil” corporate enterprise that has now so often come to define big tech – something that will only serve it well in the future.
No company – even those as seemingly untouchable as Google or Uber – can afford to ignore this quiet crisis of trust. In our future digital economy, it is data that will ultimately decide who wins and who loses. It is the lifeblood of capabilities like AI and predictive analytics, and is essential for providing the personalised services such as smart home devices that are becoming increasingly inseparable from modern life. While some businesses may be shielded for the time being by the uniqueness or the scarcity of the service they provide, even they can’t afford to breathe easy. As the surging interest in Lyft is demonstrating, rivals are never far behind.
Olivia Green is an Innovation Consultant and member of Sopra Steria’s Horizon Scanning Team, working to identify social and technological trends that are shaping business and society today. She has a particular interest in data and ethics, and has written previously on subjects including GDPR, blockchain and encryption. She holds an MA in Classics from the University of Edinburgh.