Since the launch of Data privacy day back in 2007, the initiative has grown to the extent that it is now observed in 47 European countries plus the US, Canada, Nigeria and Israel.
Although inextricably connected with data security, data privacy is quite distinct. That distinction is understood by Canadians in a timely poll, released to coincide with data privacy day.
Control is top of mind for Canadians when it comes to online personal information.
According to a new survey from Interac, nearly eight in 10 Canadians (76%) are worried about protecting their online privacy, and seven in 10 (74%) want more control over their online information.
The Interac survey identifies sign-in – the act of verifying your identity to access online services or activities – as a critical moment for organisations to build trust with their customers by giving them more control over their personal information. Over half of Canadians (53%) believe organisations are primarily responsible for protecting their personal information, and nearly seven in 10 (69%) would hold them accountable in the event of a data breach. Nevertheless, Canadians continue to sign in through services in which they report low levels of trust and confidence. For example, while six in 10 Canadians (58%) say they use their social media accounts to log in to other online services, only one in 10 (11%) trust these accounts to store their personal information.
Colette Stewart, Senior Legal Counsel and Privacy Lead, Interac
“When customers sign in to an online service, they are putting their trust in that provider to keep their data safe,” says Colette Stewart. “As Canadians hold organisations accountable for the use and storage of data, entities of all sizes have an imperative to provide clear guidelines on how personal information will be used and to enable increased control for users when it comes to managing their privacy online.”
With nearly seven in 10 Canadians (69%) expecting to be able to access all government services online, there is a need for authentication options in both the public and private sector that protect personal information. This includes sign-in and verification solutions that leverage existing trusted credentials such as those held by financial institutions. Almost half of Canadians (49%) support using their financial institution login details to verify their identity during the sign-in process, with nearly the same amount (50%) reporting that it’s tedious to set up a new username and password to access online services.
Colum Lyons, CEO and founder of ID-Pal
Lyons says that data privacy day is an important reminder of the role we all play in data privacy and protection as a global cause.
“In 2020, many industries were forced to move their processes fully online. For example, in the UK, temporary Covid-adjusted guidance on how to conduct Right to Work checks was introduced for employers, and now the ability to perform checks digitally is permanent.
“The digitalisation of manual processes improves the user experience and offers enhanced security when processing and storing personal documents and data. Individuals can assess data is being handled in a compliant, secure way. Something that is impossible to confirm with a manual method.
“It’s crucial businesses are aware of their duty to protect all customer, and employee, personal information. Organisations can reduce risk and vulnerability to fraud using digital identity verification to securely verify identity and address documents. They should also question vendors on what their approach is to data protection and privacy. How do they ensure the highest standards are in place across their framework, so that your business is not put at risk?
“By integrating these digital solutions that also have data protection at their core, companies can overcome their vulnerabilities and develop trust with customers from day one.”
Tim Bowes, Dufrain Associate Director heading up Data Strategy, Architecture and Management competency
Bowes explains how businesses can leverage customer data, whilst also respecting the consumer’s right to privacy.
Build trust by taking customer preferences seriously and listening to what consumers want, in line with regulation such as the EU GDPR
“When it comes to personal data collection, consumers are mainly concerned about what and how data is collected and stored. Only about half of consumers are happy to share personal details for use by third parties and partners, yet 66% of consumers still want personalised ads. This can only happen if consumers share their personal data.
“To address this gap, it’s important for companies to build trust. It is the only way to increase the number of customers willing to share their data. Businesses can do this by following through on their promises and ensuring consumer consent preferences are followed. For example, if a customer has specified that they only want to receive contact via SMS, making sure they only receive communications via that specific method will help to build trust.”
Manage and take advantage of vast amounts of data while ensuring privacy
“Businesses can take advantage of vast amounts of data while offering privacy in several ways. If the consumer has clearly opted in and stated their marketing preferences, then organisations can use that customer data as long as they are complying with data protection regulations. Companies also should ensure they collect and store data in a safe and compliant way.
“A GDPR breach can inflict lasting damage to a company’s reputation, undermining consumer trust and deterring potential customers from keeping their personal data with the company. Not only does proper storage minimise the risk of data leaks or GDPR breaches, but it also means that the company can access and harness that all important data to inform the design of new products and expand into new markets.”
Harness trust to retain customers
“When customers trust an organisation, they are more likely to opt-in to share personal data. It is not good enough for organisations to hide messaging regarding how customer data is going to be stored and used within the small print of terms and conditions. Clear messaging and labelling must be presented to customers at the earliest opportunity. As long as the purpose of the data collection is made clear, customers can feel reassured that the service provider will only use the information in a limited way that’s aligned with their preferences. Trust breeds increased brand loyalty and in turn, hopefully more data for organisations to use.
“For best results, organisations should use bite-sized snippets of clear communication regularly. This way, customers are more likely to feel comfortable and willing to share more. Recent surveys have shown that customers are more likely to share their data if they feel that the data will be used for something they consider beneficial, such as improving their health outcomes.
Bowes concludes that data privacy day is a valuable chance for businesses to reflect upon the current state of data governance in their organisation, while acting as a prompt to identify any opportunities for improvement.
“In general, the more transparent a business is on the usage of consumer data, the more likely its customers will be to trust that business and opt-in to share their information. This means responding appropriately to a customer’s marketing preferences and ensuring all data is stored in accordance with GDPR. Making data privacy a priority is the only way businesses can truly turn customer data into profitable insights that drive growth and innovation.”
Nicole Green, VP Product Strategy & Operations, Yapily
Data privacy should not be a barrier to open banking
Green highlights that privacy concerns from consumers, regarding where and how their personal data is being used, are at risk of holding back open banking’s true potential. But there is no reason why they should be concerned in the first place.
“Open banking is a fully regulated industry that offers a quicker, easier, and more secure way for people to access, move, and manage their finances. Dig a little deeper, and there is a misconception that open banking enables another company to simply “log-in” to your online bank account and “scrape” raw data from right there on the screen. That’s totally incorrect.
“Instead, specific data relevant to the use case is fetched in an encrypted format. The user’s consent is always required to do this, and two factor authentication is always used. And if the user chooses not to share, or to revoke their consent at any time, the third party no longer has any practical means to access their data.
“So, data privacy shouldn’t be a barrier to open banking. But, if we want to see greater adoption of innovative services and products that can help consumers better manage their finances, the open banking ecosystem still has a job to do.
“First, we must be better at communicating the security of open banking. This starts with educating consumers on who they’re sharing their data with, why it’s being accessed, and how they’re doing it – plus the benefits they’ll receive as a result.
“Second, we need to see accelerated development of a Smart Data framework from the UK Government, maximising the potential of secure data initiatives across multiple sectors like energy and utilities to support consumers through these tough times.”