Customer data can be a strategic asset for a company, but they can also be a major liability if misused. To be good stewards of personal data, companies must clearly understand how they manage those data.
Companies need to collect data in a way that both adheres to evolving regulations and builds customers’ trust, keeping in mind the wide range of sources of data: customers who volunteer their data directly, companies that observe data as a result of an interaction between an individual and an organization, or an organization that infers data from an analysis of customer records and behavior. As companies amass data, they also have an obligation to secure them, to prevent data from being compromised or misused. The potential impacts of missteps in this area can be huge, in terms of not just the sometimes billions of dollars in damage done through the breaches themselves but also the potential legal and regulatory costs.
In addition, companies must have clear policies, protocols, and processes for how they will obtain proper permissions in a decentralized and dynamic environment in which individuals play an active role. Organizations must also ensure that they are actually following their own policies, an element that is frequently lacking.
One way to rethink how businesses manage personal data is to offer customers simple and meaningful opportunities to grant permission for the use of their data. A joint survey conducted by BCG and Liberty Global of more than 3,000 consumers revealed that few individuals exercise control of their personal data, however. Just 10 percent of respondents had ever undertaken at least six of eight common privacy-protecting activities, such as changing privacy settings or opting into or out of data use. Even though that remains common behavior today, we found that consumers who were able to effectively manage their privacy were up to 52 percent more willing to share information in the future than those who were not managing their privacy.
Consider how BT implemented the “cookie law” in the U.K., which requires companies to obtain the consent of their website users before using cookies to track behavior online and personalize services. To comply with the law, BT implemented easy-to-understand practices for visitors to its website. A simple pop-up screen allows users to discern the strictly necessary cookies required for the site to operate properly (from which customers do not have the right to opt out) and the functional and targeting cookies that enable social sharing and behavioral tracking but that also allow the best experience. The company clearly explained what customers get for the information they give.