This blog was originally posted on Forbes.com. Kim Bozzella is a member of the Forbes Technology Council.
Here’s a problem I often see: Most businesses recognize the significance of data privacy and identity management in safeguarding information, yet many overlook the relationship between privacy, identity management and customer experience. This connection is becoming increasingly important as establishing and nurturing customer trust is essential for fostering repeat business, competitiveness and growth.
Ultimately, brand and company loyalty are crucial, and often, they begin with trust in the organization’s ability to protect a customer’s personal and confidential information. What’s more, regarding the value of building customer trust, it’s been well-documented that retaining existing customers is far more cost-effective than acquiring new ones.
Customers are increasingly aware of the risks associated with online transactions and the potential threats to their privacy. These concerns have been validated by frequent breaches, data theft, ransomware attacks and cyberattacks in the news. In fact, a 2023 study by PCH Insights reveals that 86% of Americans are more concerned about their data security and privacy than they are about the state of the economy.
Businesses need to understand the symbiotic relationship between (1) identity protection and data privacy and (2) customer experience.
Why trust matters
Businesses understand that customer data is vital for creating personalized experiences. However, gathering and utilizing any amount of customer data can raise privacy concerns. Customers are aware of the significant threats to their data and privacy, making it crucial for businesses to establish trust through transparent and secure data practices. Losing trust means losing business.
A study from Ping Identity reveals that 81% of consumers say that ease of use is important when interacting with brands regarding their overall digital experience, and 61% report that having privacy laws enacted to protect consumer data and knowing that the website vendor is complying with those regulations make them feel more secure when sharing their personal information online.
While customers have come to appreciate heightened protections to shield their data, it is equally important to prioritize a seamless and personalized experience that maintains trust and ensures a clear understanding of the protective measures. Complex customer access procedures—e.g., cumbersome multifactor authentication or difficult-to-decipher CAPTCHA tools—often result in frustration and customers abandoning online interactions. To illustrate, according to a study from the FIDO Alliance, more consumers prefer retailers that allow them to log in and make transactions through on-device biometrics, such as fingerprint or facial recognition. Moreover, 60% of U.S. consumers believe retailers offering on-device authentication care more about their customer experience, 58% care more about their privacy and 61% believe they care more about their security.
Although customer experience and satisfaction are foundational to business growth, organizations cannot ignore the implications of security breaches.
According to Statista, the average cost of a data breach in 2023 grew to $9.48 million, and Verizon’s 2024 Data Breach Investigations Report (DBIR) states that 62% of financially motivated incidents involved ransomware or extortion, with a median loss of $46,000 per breach. Failure to comply with data privacy laws can also lead to very expensive fines. Past examples include a major online retailer’s $866 million fine and a consumer credit reporting agency’s $700 million fine for breaches that exposed customer data.
Taking action
One of the primary issues I see with businesses is that they view data privacy and identity management as distinct concepts, where:
- Data privacy focuses on protecting personal information from unauthorized access, use, disclosure or modification.
- Identity management deals with managing individual identities within a system and focuses on verifying who someone is and ensuring they have the appropriate access rights to specific resources or data.
Establishing consumer trust while ensuring regulatory compliance requires businesses to approach these concepts with a unified perspective. This involves adopting a comprehensive approach to privacy, identity and compliance.
Businesses should first gain a better understanding of where data is stored and the types of data collected and managed. This requires, among other things, carefully examining the existing legislative and regulatory requirements and those that may be enacted in the future.
Next, especially regarding data collection and management, it’s vital to understand the organization’s compliance obligations. While the importance of compliance is not a new concept, rapidly evolving changes in legal requirements are creating new challenges for many organizations. Ultimately, data privacy, along with identity and access management, must be intertwined with cybersecurity, compliance and the systems that manage them. Remember, compliance failures erode customer trust.
Moreover, it is essential to ensure that a customer’s data is adequately protected and easily accessible without the need for complicated procedures. In simpler terms, privacy should be guaranteed without being excessively difficult to confirm, and the data must remain readily available to authorized individuals who require access.
In today’s competitive landscape, it is crucial to prioritize the establishment and upkeep of customer trust. This can only be achieved through the implementation of effective and integrated data privacy and compliance practices. Any compromise or loss of customer or client data can permanently damage that trust.
To learn more about our data privacy solutions, contact us.