Consumers today are becoming increasingly concerned about data security and privacy as a result of the countless breaches that have made news headlines over the past few years. The need for establishing digital trust is on the rise.
In response to this growing demand for digital trust, many companies have made efforts to improve the user experience while also enhancing security, data privacy and fraud detection, especially in light of the General Data Protection Regulation (GDPR).
These initiatives stem from the business need to meet consumers’ expectations — but what about the consumers themselves? How can they decide whether a company is deserving of their digital trust?
Digital Trust Hinges on Transparency
Transparency is a critical factor that consumers consider when establishing digital trust with a company. This usually translates to honesty and openness about business operations in general, especially when it comes to security and privacy. Companies must keep consumers informed on a regular basis — not just in the aftermath of a data breach.
How can organizations create this transparency when not everyone is a security or data privacy specialist? The GDPR accounts for transparency in Article 22, which details the “right of explanation.” But as The New York Times noted in November 2017, this only applies to data handled by machine algorithms.
Moreover, the GDPR does not offer guidance for communicating these rights in terms consumers can easily understand. As a result, the above definition of transparency needs to be revised for clarity and comprehensibility.
Why Establishing Digital Trust Is Critical
In Germany, consumer organization Stiftung Warentest tests goods, such as washing machines and telephone contracts, and offers dashboards with scores based on a defined set of criteria. In December 2017, the company tested wearable devices and downgraded all but one of the products it examined due to lack of transparency regarding how the vendors handle customers’ personal data.
In his book, “Data for the People,” big data expert Andreas Weigend stressed that consumers possess the right to both access their data and inspect data refineries. The latter includes the right to see a data safety audit, a privacy efficiency rating and a return-on-data score.
A dashboard with a rating scheme could make it easier for consumers to understand and compare companies based on the security and privacy they provide. Of course, such a dashboard should include the criteria outlined by the GDPR and any other data privacy regulations to which the company is subject. It should also consider the company’s contract and cooperation with consumers, as well as its past record of dealing with security incidents.
Below are some additional points for consumers to consider when establishing digital trust with a company, according to Weigend:
- Cyber resilience: International Standards Organization (ISO) 27000 is a good starting point, but the results must be translated into a comparable score that consumers can easily understand.
- Privacy efficiency: How can consumers measure whether their personal data is being used unnecessarily? A paper authored by researchers from Microsoft and the University of Pennsylvania described the promise of “differential privacy,” which is designed to ensure that consumers “will not be affected, adversely or otherwise, by allowing your data to be used in any study or analysis.”
- Return on data: This refers to the value the consumer receives in exchange for his or her personal data.
Infusing Data Privacy Into the Digital Experience
The implementation of and adherence to the framework described above must be a joint effort between business, security and privacy representatives. Each criterion represents another step toward creating the transparent digital experience customers have come to demand.
By making it as easy as possible for consumers to establish digital trust, organizations in all sectors across the globe can put themselves in a better position to stay on the right side of data privacy regulations and maintain successful and secure relationships with customers for years to come.
CTO for Identity & Access Management, IBM Security Europe