The COVID-19 pandemic and related events of the past year have created unprecedented challenges for businesses and individuals around the world and has driven organizations to rapidly transform the ways they engage with their customers, partners, and employees. Corporations shifted largely overnight to a principally remote, work-from-home business model, which accelerated digital transformation and forced companies to navigate previously uncharted ethical and legal waters regarding obligations around the collection, storage, and future use of personal data.
This rapid transformation has placed both corporate and personal data at greater risk than during pre-COVID times. As companies adapted to the developing privacy legal landscape and increased public scrutiny that comes with it, the ability of an organization to demonstrate and communicate adequate safeguards around data became critical to earning consumer trust.
Every company has a vested interest in protecting and respecting the privacy of their employees and customers. Failure to secure these kinds of vital data and be transparent around use can create an existential threat to business and brand reputation. Reputations can take years to build, but only minutes to lose.
Security + Privacy = Trust
A recent survey from Salesforce revealed that 95% of customers surveyed say that trust in a company makes them more likely to remain loyal to a given brand. At the same time, the 2020 Consumer Privacy Survey from Cisco found that 60% of survey participants are actively concerned about how their data is being protected, as they work, learn, and even visit the doctor remotely, using video streaming and cloud applications.
The recent Protecting Data Privacy During the Pandemic and Beyond report from Cisco sought to identify the top concerns that people have regarding personal data during the pandemic. Nearly a third (31%) worry that their data will be used for unrelated purposes, and one in four are concerned that their data will be shared too broadly with third-party companies. Almost a quarter (24%) have suspicions that their data will not be deleted or anonymized when it is no longer needed for its original purpose.
The Cisco report illustrates why transparency around the use of collected personal data is crucial. It is a telling statistic that just under half of those surveyed do not feel they can adequately protect their own data. The top reason given among 79% of respondents is that they don’t have adequate insight into what companies are doing with their data. It is difficult—if not impossible—to establish trust when there is no transparency between a business and its customers.
Respecting Privacy and Protecting Personal Data
Throughout our 36-year history, we at BlackBerry have built our reputation on our ability to protect and respect the personal data of our customers. Data Privacy Day is not just a date on the calendar for us, but a core value we strive daily to uphold. On January 28th, we take time as a company to reflect on our mission—to protect data—and we fulfill this mission by continuing to develop secure products and services with privacy embedded by design.
BlackBerry operates based on four simple tenets. Employees of every company can learn to uphold these data protection values:
- Know What Makes Data Personal. The definition of personal data is broad and applies to any information relating to an identified or identifiable natural person. It’s nearly impossible to protect personal data without knowing what it is.
- Start with Why. There must be a clear and lawful business purpose for collecting personal data. If you can’t credibly answer the “why”, don’t collect it. Also, just because you may be able to access personal data, doesn’t mean you can use it for any purpose. The use of personal data needs to be limited to the original purpose for which it was collected—this is a fundamental pillar of creating and maintaining trust.
- If You Collect it, Protect it. If you collect personal data, it is imperative to ensure that appropriate security controls are implemented to keep it safe from inappropriate or unauthorized access.
- Security ≠ Privacy. While it’s possible to have security without privacy, it’s impossible to have privacy without security. Privacy is about the ethical and responsible handling of personal data. This is why security is an integral part of ensuring that transparency of privacy practices can be achieved.
All employees can play a role in protecting and respecting the privacy of customers, prospects, partners, and visitors and identifying practices that don’t support this important mission. On an individual level, the simple (yet effective) message to convey to employees is this: “if you see something, say something.”
Companies across all industries have a responsibility to protect data and ensure privacy. We are all in this pandemic together, but organizations that demonstrate responsible and transparent practices in the handling and protection of customer, partner, and employee data can differentiate themselves from competitors and maintain a competitive advantage in the market while creating a relationship of trust.