Data and Privacy: Personalisation vs privacy, getting the balance right

By Sharad Patel, data privacy expert, PA Consulting.

  • 4 years ago Posted in

The key to ensuring you have happy and loyal customers is not to think of the privacy debate as personalisation versus privacy, but as personalisation with privacy in mind. Customers expect to be recognised by the organisations they engage with, be it at a hotel chain (“Hello Mr Patel, Welcome again to Hotel Paradise”), or a video streaming website (which remembers the last movie you saw and provides recommendations for similar ones), and want their experiences personalised. Organisations need to find ways to balance the need for this kind of personalisation with privacy rights of the customers and wider privacy requirements from regulations such as GDPR and CCPA.

 

There are a number of ways organisations can achieve that balance. The first is to build trust with customers by being transparent. Privacy notices are a great way to inform your customers about how their personal data is used by your organisation. However, they need to be written in an easy to understand language, and provide information about who the data is shared with, the reason for storing this data, how long is it kept for and which countries is it processed in. This kind of transparency is a core building block of building trust.

 

That should be reinforced by offering your customers real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation. In the end, it’s their data and they need to understand the impact or benefit of providing or not providing their consent for you to use the data. If companies make it easy for users to understand the benefits of providing consent, and there will be an increase in customers opting in to share their data with you.

 

This kind of engagement should not be a one off with privacy notices just sitting in a corner of your website. They need to be central to the user experience, so if a customer has not provided consent to be shown customised content when they enrolled, you might want to remind them by showing a pop-up when they log in next time. This should explain why they are being asked and what they can do to receive customised content if they wish to. It is important not to do this too often which might annoy some customers, but if it is done in the right way and at the right frequency, this can lead to happier customers and increased loyalty.

 

It is also important to educate internal stakeholders about your approach. Large organisations often have a variety of Business Units which look at the privacy challenge in different ways, which can often confuse the customers. The entire organisation needs a consistent approach which has been set out in engagement and awareness programmes which have set out how a balance between personalisation and privacy leads to greater trust and generates business value.

 

Even when you have done everything right, there will be times when customers have a grievance about how you have used their personal data. They might make requests to either change the data, get a copy of it or in the worst case, delete the information that you store on them. It is vital that you have tried and tested procedures for every possible scenario, have teams and systems in place to action these requests and also understand what other legal obligations you might have to archive some elements of the data. Even though in the short term, these requests might seem to have negative implications (if they decide not to use your customised service), in the long term customers will remember how quickly and professionally you acted which will help with the wider question of trust.

 

Only companies which can find this right balance between personalisation and privacy will be successful in the future. Too much of either would risk either being ignored by the customer (if there is no or very little personalisation), or losing their trust (if there is no or very little privacy), both of which could have disastrous consequences on your business.

 


 

By Barry O'Donnelll, Chief Operating Officer at TSG.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Milou Lammers, Director of Compliance, iland.
By Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business at...
By Michael Queenan, co-founder and CEO of Nephos Technologies.
By Tawnya Lancaster, Lead Product Marketing Manager, AT&T Cybersecurity.
Why businesses need a bigger boat for tackling IaC security By Robert Haynes, SCA & Open Source...
Cybersecurity continues to be a major challenge for companies, with as many as four in ten...