Rethinking the way in which customer data gets managed is a new frontier for businesses immersed in the digital landscape. Notably, new regulations that affect any company holding European customer data threaten non-compliant companies with fines up to 4% of global turnover. Here MEF CEO Rimma Perelmuter reflects on the impact for the mobile industry.
As companies continue to collect more and more personal data from consumers and emerging technologies such as mobile health, financial services and IoT seek to access our most sensitive data, the potential risks in the form of cyber security breaches, mismanagement of data and changing attitudes of consumers cannot be underestimated.
Regulators have had the tough job of charting the right course between security and privacy – often pitted as competing interests in a world where both should be sacrosanct. In the European Union’s General Data Protection Regulation (GDPR), we can see the direction in which they are headed.
The threat of eye-watering fines has caught the attention of large data holders with customers in Europe, but innovators and smaller mobile businesses with smaller legal teams are also in for a surprise.
And yet, there is another way forward.
At MEF’s 6th Annual Consumer Trust Summit in San Francisco last month, we invited regulators to sit down with business leaders to discuss how to align the needs of companies and the consumers they serve.
I had the pleasure of moderating the Stewardship of Customer Data panel which comprised the FTC, UK Information Commissioner’s Office (ICO) along with privacy experts from insurance giant AIG and app provider Evernote. There was a great deal of common ground between the panellists on how businesses can manage the risk associated with personal data and, in turn, translate good stewardship into revenue. I picked up the following themes.
Regulation must provide a level playing field
Apps and most mobile services are global, yet businesses must contend with a patchwork quilt of local regulations which vary across territories. How can we expect any company – especially start-ups and entrepreneurs – to stay abreast of the latest regulatory developments in Europe, the US, China and elsewhere in the world?
Our panel addressed the positive collaboration happening to drive regulation around consumer data – especially in the US and Europe. It’s clear regulators have started to share learnings and best practice – the FCC factored the EU’s GDPR into the development of its Privacy Shield, for example – and the Global Privacy Enforcement Network seeks to share challenges and potential solutions among regulators. However, it’s equally clear that yet more can be done to make the rules simpler and compliance less of a burden.
But the risk of fines is not the only reason to embrace best practice
Companies that embrace shifting consumer attitudes toward privacy and security will succeed in the long term. Consumers trust Evernote with all kinds of data from their first baby ultrasound to final year college notes and banking passwords. Many are prepared to pay for the enhanced privacy it offers (data is not shared externally or monetised in any way).
Stephen Wood of the ICO reminded the audience that the risk to their business is not confined to regulatory fines. The TalkTalk case in the UK and Ashley Madison globally showed the extent to which reputation and commercial interests are affected by security breaches.
Insurance, privacy seals and industry collaboration may provide an answer
Cyber-crime and security protection in digital is one of the fastest-rising sectors within insurance, though insurers currently suffer from a paucity of actuarial data to inform their policies. Companies that invest in training are likely to be able to negotiate a better premium price as 60% of breaches arise from human error. And the cost of insurance premiums will become increasingly important to business leaders as the risk of exposure to regulatory fines grows.
There may be value in creating self-regulatory privacy seals: guidelines adhered to across industry with a view to promoting best practice data stewardship. Regulators have made it clear they would welcome this kind of innovation which could only help efforts to build trust among consumers.
As such, businesses may well benefit from collaboration to outline the challenges around security and privacy and identify simple, efficient policies and procedures to meet them. Stewardship means more than accountability. We, the mobile industry, must recognise the benefit that our roles as smart guardians and innovators can bring in the personal data economy.
Those who take as much care of their customers’ personal information as banks do with their customers’ money are best placed to win in the long term. But the conversation needs to shift from one of compliance to aligning incentives; minimising risk and maximising rewards for those who take the high road and take their customers on a trusted personal data journey.