Build trust by taking transparency seriously Unintentionally or purposely misleading customers contributes to their distrust. Unfortunately, some businesses seem to forget about this principle. One company, for instance, launched an experiment to study the effects of manipulating customer’s posts; another company modified customer profiles and ran analytics to determine which profile improved their matching services. Not surprisingly, both attempts backfired with customers, causing ethical debates and negative press. Businesses should be more transparent about what data they collect about customers and how they use it. Some companies are obscure with their practices, including not informing customers how they share data with third parties or how they collect it from data brokers to sell. Other businesses may think that the value of the data derives from keeping it inaccessible to customers, just like credit scoring data. However, this lack of transparency is raising many consumer concerns, and the Federal Trade Commission (FTC) published a report in May 2014 calling on data brokers for more transparency and accountability.17 Follow basic data protection guidelines According to the TRUSTe consumer confidence index, 89 percent of Internet users in the US would avoid doing business with companies that do not protect their privacy.18 Data breaches further complicate the matter—not only in terms of litigation costs, but also reputation damage and customer flight. In order to limit their liability, businesses need to enforce encryption and responsible data management practices that protect customers’ personal data. According to a Ponemon study conducted in October 2014, four out of five IT practitioners acknowledged that their organizations do not use a strict least-privilege data model, where each user or program is allowed the minimal access privilege just to the information and resources that are necessary for a legitimate task.19 Take advantage of privacy-preserving analytics Managing and protecting the increasingly large sets of personal data while running useful analytics on them is not a trivial task. However, businesses do not have to lock up all the data in order to avoid a privacy risk. For instance, TrustLayers offers a platform that seeks to provide privacy intelligence for big data and help businesses to efficiently use personal data while monitoring whether their teams are following privacy policies.
The privacy risk is exacerbated by advances made in data mining technologies. Therefore, companies should consider privacy-preserving data mining techniques, which seek to balance the utility of data acquisition with privacy protection. The risk of leaking sensitive data is limited by modifying the data in such a way so as to perform analytics effectively, while safeguarding sensitive information from unauthorized disclosure and releasing only aggregate data. Various techniques exist for all the steps of the analytics process—from data collection, to data mining, to sharing and delivery of the insights extracted from data. Businesses should explore techniques such as differential privacy and distributed data mining in order to identify the most suitable technique for the application that they need.21, 22 Innovate to appeal to privacy-wary customers To build customers’ trust, businesses are beginning to apply enhanced services that protect their privacy and digital footprint beyond VPN access to their services. Facebook, for example, launched a Tor hidden service.23 The users of the social media service can stay anonymous as their connections go through three extra encrypted hops to random computers around the world, making it difficult for eavesdroppers to observe their traffic or trace it back to their origin. Similarly, Apple decided to relinquish access to customer data on iCloud. Encryption keys created on the customer’s device are used to encrypt the data on iCloud. Apple has no access to these iCloud keychain encryption keys, and therefore is not able to decrypt user data stored on iCloud.24 Businesses should also consider innovative approaches to convince customers to share more data, including providing rewards in return for data sharing, or even offering anonymous services to appeal to more privacy conscious consumers. Global identity validation services such as BeehiveID or ID.me could be used instead of social media logins to allow customers to have more control over their data while ensuring businesses protect their identity. Anonymous credentials represent a powerful solution for preventing even colluding credential issuers and verifiers from identifying and tracking users. These technologies can alleviate trust concerns regarding centralized credential providers that can make a statement about identity on the Internet, as these providers get more visibility into users’ entire online activities. Businesses can also explore emerging techniques to offer anonymous credentials as a basis for constructing untraceable electronic payment systems, or “e-cash.” One example of these techniques is a new protocol named “Zerocash,” which adds cryptographically unlinkable electronic payments to the Bitcoin currency.25 Empower customers with tools Consumers in the UK and US now have access to Internet company ratings based on their data stewardship practices published by Fair Data and the Electronic Frontier Foundation.26 With more information about businesses’ privacy and data protection practices, customers can make better informed choices. They also have more tools at their disposal to help them hide their data or decide which businesses to share it with.
For instance, Ghostery is a privacy tool that helps customers control which businesses can track their web browsing behavior. Meeco is a life management platform that enables people to collect their personal data while being more anonymous. By acknowledging and honoring customers’ desire for greater control over their own privacy and how they trade their data in the emerging Internet of Me, businesses can increase their trust factor with customers. This is just the beginning of a much longer privacy journey the technology community is embarking upon; until these protections become federated and transparent to end users, they are unlikely to be widely used. As such, this space will see many shifts and innovations over the coming years. Conclusion Accenture recommends that businesses be vigilant with their security and privacy practices so that they neither compromise their customers’ experiences nor lose their trust. Following truly proactive and ethical data stewardship practices, and offering enhanced services that are consistent with customers’ expectations of privacy and personalized seamless experiences, will strengthen trust and participation in the digital economy