Based on what you read and hear it would be reasonable to expect that customers rate experience, best price, largest range and 24/7 access as the most important aspects when they interact with your business.
Based on what you read and hear it would be reasonable to expect that customers rate experience, best price, largest range and 24/7 access as the most important aspects when they interact with your business. Quite simply that is not the case – the number one expectation customers have is trust. According to a recent PwC Global Online Survey, close to nine out of 10 consumers said their primary reason for shopping with a company was because they trust the brand. For those wary of shopping online, 43 percent said it was concerns about the security of their personal data which put them off. Even for those who don’t shop online, their personal information is still tracked, analysed, stored and shared with other businesses in a range of everyday actions such as in-store shopping, paying bills or making a call on their mobile. Irrespective of how or where personal data is collected, the question of security still remains. Whose role is it to protect it? What measures should a business take to ensure privacy? What happens if there is a breach? All of these questions take on a greater importance in light of some very high profile privacy breaches – such as Target in the United States where the personal information of 70 million customers, including credit card numbers, was leaked following a cyber attack during the 2013 holiday season. To help prevent breaches and better protect Australians and those who have data stored in Australia, new privacy regulations were introduced on March 12, 2014. These are the biggest changes to privacy laws in 25 years. The new privacy regulations are based on 13 principles that legislate how government and businesses, public and private, with an annual turnover of more than $3 million a year need to collect, use, store and share personal data. The principles are not just about about protecting customer data from prying eyes but also ensuring that data is not abused. Importantly, a read of the fine print shows they also apply to smaller businesses as well. Failure to comply with the new principles can lead to substantial fines. These will be imposed by the Australian Privacy Commissioner, who also has the right to investigate any one-off or recurring offences. Whether your business is impacted or not, the new privacy principles set robust guidelines that you would be wise to follow if you want to give your customers the trust they so value. To get started, you first have to know what is classed as personal information. Under the new legislation, personal information has been extended to account for any information collected anonymously, and that will have the ability to identify individuals. That includes phone numbers, address, names and ages. Businesses must also be able to notify individuals when information has been stored, how that information is used and where it is stored. Consumers also have more control over their ability to opt-out of certain communications. Not only do businesses need to include an opt-out mechanism, but they must also offer a centre where users are able to opt-out of other communications. Changes to responsibility in the event of a breach have also shifted to the business in question when that breach is located overseas. These obligations must be taken seriously if organisations hope to compete and succeed in this new world. While the possibilities of using data to personalise experiences and create adaptive marketing solutions are endless, care must be taken.These improved privacy standards are raising the bar for what consumers will expect; breaking their trust will have disastrous ramifications. Still before the Senate, new legislation which will require mandatory reporting of breaches. If passed in the current form, the proposed new laws, introduced into Parliament in March, would require an organisation or agency to notify privacy breaches to the Office of the Australian Information Commissioner (OAIC), if there is a “real risk of serious harm” to affected individuals. The commissioner would have the power to force offenders to publish public notices or to notify affected individuals. Australia is behind the eight ball on introducing mandatory reporting. The overseas track record of this legislation shows that sharing breach information helps to reduce and even prevents repeat or new breaches. Whilst business may think keeping this information confidential reduces perceived vulnerability it may infact be quite the opposite. Businesses working collaboratively by sharing the information may make business in general a harder target and therefore more trustworthy overall in the eyes of the customer. Michael Browne is a Partner at PwC pwc.com.au