In the last few months alone, dozens of reported data breaches have already occurred.
From Twitter’s breach that leaked millions of user accounts to ChatGPT’s breach that exposed subscriber payment information, it can start to feel like no one’s safe in this digital Wild West.
Which is why, more than ever, a brand’s focus on consumer data privacy is paramount.
The good news: Companies are paying closer attention to how they handle and protect user data, but many are doing it solely to stay compliant with privacy regulations like the General Data Protection Regulation or the California Privacy Rights Act (GDPR and CPRA, respectively).
In fact, a 2023 report by the International Association of Privacy Professionals (IAPP) found that 35% of companies primarily protect user privacy to stay compliant with regulations. Certainly no shame in that, but other findings from the same report suggest companies should also be protecting privacy for additional, more profound reasons. Arguably the biggest? Consumer trust.
IAPP posits that more than 80% of consumers affected by a data breach would stop engaging with a brand following a cyberattack. This translates to loss of loyalty and, worse, lack of trust.
But if a company does endure a breach, how would it regain customer trust?
A brand that’s trusted from the get-go would enjoy higher chances of salvaging customer trust. So, if something should go wrong (like a breach), customers would be more likely to trust that the brand will fix it.
Typically, this applies to companies that place a deep focus on user privacy from the jump. Not only are those companies less likely to experience a breach, but they also have greater consumer trust—ideally, even in the face of a breach.
But for brands that were either late to the data privacy party or haven’t RSVPed to the invite, regaining consumer trust after a breach can be an uphill battle.
Ten years ago, when protecting consumer data had little to no regulation (and was certainly less of a business priority), household brands like Target felt the sting. In 2013, the retail company experienced a massive data breach—the largest retail breach in U.S. history—that affected millions of customers.
At first, the brand poorly handled the breach (it took them 16 days to notice it and another four to tell its customers). But Target righted itself quickly thereafter and, arguably, has made a complete recovery in terms of regaining customer trust.
How?
Just months after the breach, Target shared a list of security and tech enhancements on its corporate site (see the 2014 list here). In it, the brand promised to enhance monitoring and logging, strengthen account security, and review and limit vendor access.
It helped, too, that Target already had a substantial base of loyal shoppers. What seems like simple touches—a user-friendly shopping experience, an appealing visual interior, and a deep sense of community—have kept consumers returning for years. Plus, regular attention to great customer service also likely contributes to strong shopper loyalty. In fact, in February 2023, the company announced a plan to invest upward of $5 billion for a greater guest experience. Even 10 years after its damning data breach, Target still looks for ways to rebuild trust (and establish it in the future).
It probably goes without saying, too, that Target’s privacy policy these days is detailed, robust, and transparent.
Of course, in this new era of rigorous privacy regulations and a general desire to do better, companies can avoid disasters like the 2013 Target breach altogether. Especially if they look at data privacy in a particular light.
Consider viewing data protection much like the European Union does: as a basic human right.
Because we’ve long understood that people have a right to privacy, the existence of more data—particularly sensitive data like social security and healthcare information—may put individuals at risk, whether from being unlawfully profiled, discriminated against, or even subject to implicit bias.
For this reason, thinking about the types of data you need (and why you need it) before collection can help minimize risk if, in fact, a data breach occurs. Plus, it fosters greater respect for an individual’s rights, as well as their privacy from unnecessary and intrusive questions.
And because privacy in general is already recognized as a human right in much of the world (see article 12 in the United Nations’ Universal Declaration of Human Rights), suggesting the same for data privacy isn’t a stretch.
Thus, data protection laws like the GDPR or CPRA aim to support the public’s privacy, but in the digital age. As user data becomes just as vulnerable as it is prevalent, viewing data privacy as a human right is a necessary approach.
Unsurprisingly, it also generates greater consumer trust. Especially when 87% of consumers consider data privacy a human right. Bottom line: If your business places real value on data protection and privacy—and sees it, too, as a human right—consumer trust will come.
Additionally, privacy expectations vary across markets, but those variances and gaps are closing; individuals want to have equal privacy rights, regardless of where they’re based.
Thus, companies should take a principles-based approach to privacy by asking the following:
In thinking about your company’s own approach to privacy and how to build trust with it, the solution is simple: Be as transparent as possible about the policy you provide, how it handles consumer data, and your plans for aligning with data protection regulations as they evolve.
Consumers really do appreciate it. According to the IAPP report, 64% of consumers said companies that provided clear info about privacy policies enhanced their trust.
But a lack of transparency about your policy can be an immediate trust breaker. Companies are urged, then, to be accurate and clear. Avoid telling the public about your privacy policy, “We do X,” only for them to learn later that what you’ve shared is misleading or altogether inaccurate.
Consumers would much rather hear a less-than-desirable answer—“We don’t support that right now, but we’re working on it”—than an inaccuracy or fallacy about your policy.
Another way to build trust might seem frivolous at first glance, but it’s more important than you think: Make your privacy policy clean, legible, and appealing.
Ask yourself: Is it easy to navigate? Does it have clear sections? Is it stylish? Perhaps it seems superficial, but not having those things provokes questions in consumers’ minds: How much time did a company spend on this? Have they taken the time and thought to design it?
Finally, engaging with your community about changes to your policy or regulation changes that may affect it helps nurture consumer trust. Knowing your community and your audience especially helps be proactive about anticipated changes.
It’s refreshing when new events occur in data privacy (like changes to a regulation), and a company gets ahead of it. Or, if they’re unable to right away, it’s comforting to see on their site or privacy policy page, “We’re monitoring this, too. We may not have an immediate solution yet, but we’ll update you when we do.”
The good news is that businesses are starting to realize how much their reputation hinges on having a robust data privacy presence. The IAPP report suggests 20% of companies protect consumer privacy to improve how consumers see them.
Really, whatever your company’s privacy policy can do to build long-lasting customer trust, there’s no wrong way to attack it. Just remember: Stay transparent, move with the regulatory tides, level with your community, and treat data privacy as a human right. Customer loyalty will follow.