Approaching Data Privacy From A Customer’s Perspective
8/10/2020
Data privacy regulations are on the side of the consumer. Both the GDPR and the CCPA see individual control and autonomy as the ultimate objective of data protection. But businesses often formulate privacy risk frameworks to manage regulatory compliance, rather than meet the needs of their customers. A new white paper by the World Economic Forum (WEF) asks businesses to rethink the way they approach these practices.
Redesigning Data Privacy: Reimagining Notice & Consent for human-technology interaction aims to shed light on how businesses view consumer consent and to open the dialogue for meaningful change. It suggests applying human-centric design to risk frameworks. The idea is to re-examine your data privacy risk framework from the perspective of the consumer.
In this way, risk frameworks would be designed proactively with the consumer’s rights and safety in mind, rather than reactively to mitigate the risks associated with non-compliance.
Consumers need help navigating data privacy
By 2025, 80% of global data will reside in enterprises. This vast mass of information will be provided, in one way or another, by customers. The WEF white paper argues that consumers are not always aware of the implications of their choices, particularly around granting consent for the use of their data. Customers need help managing their data, and privacy frameworks should support this need. A company data privacy policy should guide and inform customers about the implications of their choices, and explain what happens after they give consent and how to revoke it.
Like the core value of human-centered design, a proactive policy should put the needs of customers at the center of the data collection and management process.
This human-centered focus also involves raising the ethical questions around the use of data. Article 6 of the GDPR addresses these issues by stipulating the legal grounds for data collection depending on appropriateness. The law is explicit – notice and consent alone as a rationale for justifying data collection is insufficient in all circumstances.
Harm assessment process
While a risk assessment is acknowledged as a standard data privacy process, the report suggests a similar assessment be conducted for the risks faced by customers throughout the data life cycle. This “harm assessment process” would identify business practices that could cause potential harm to customers and make recommendations for change.
Since these are the types of assessments conducted to lay the groundwork for regulations such as the GDPR, a proactive data privacy risk assessment should include such processes as well.
Data is a valuable commodity, but the value of customer loyalty and reputation, albeit harder to quantify, should never be underestimated. Privacy laws exist to protect customers, but protecting customer interests should start at the organizational level, with the collection and management of the data itself. The value of data should equate to the value you place on your customers, and this should be reflected in your data privacy framework.
Protect your customers’ data at every stage of the development life cycle. Hush-Hush Data Masking not only meets the requirements of privacy laws such as the GDPR, CCPA, and HIPAA, but it also gives your customers the peace of mind of knowing their data is safe.