data privacy

Data abundance – a double-edged sword in customers’ privacy in retail

With the help of modern technologies, the shopping experience has become much more pleasant and simpler. We have accurate suggestions when browsing through e-commerce websites, extra discounts on our birthdays, or even sponsored posts about the exact kind of candy you are craving after you just talked about it. 

Along with the benefits, personal information disclosure is also at certain concerns. Moreover, customer privacy has been an increasingly heated topic, and regulators started to give benchmarks for information security

Below is an example of a customer journey and milestones where data can be extracted and used. Then, these data can serve customer’s good by boosting the relevance in product suggestions or increasing engagement with the brands in marketing and service. 

customer journey data in retail
Image source: Deloitte

A classic example of Amazon is building an ecosystem to gather customer data and enhance the shopping experience through its wide range of services. On the other hand, they can lead to intrusive activation and unauthorized use of data by the firm or third parties.

Indeed, consumers are losing trust in retailers. The 2019 Deloitte US Consumer Survey among 2000 people pointed out that 55% of consumers think retailers share data with third parties or even sell it.

Nearly two-thirds of consumers indicate retailers are responsible for data security rather than government or tech vendors. Thus, raising the data protection standard and letting customers know about it is essential to regain their trust. Also, the adaptation of regulation can be a good starting point.

New regulations in data protection and corporation’s readiness

In 2018, Europe enacted General Data Protection Regulation (GDPR). Then, in 2020, California Consumer Privacy Act (CCPA) went live. Overall, both sets of regulations aim to guide how retailers can extract and resort to their customers’ personal information. They also give consumers the right to control the information they want to expose, how data is stored and processed, and whether any third parties are involved with the usage of information.

California being the largest GDP contributor in the US, PwC calls CCPA “America’s GDPR”. The standards of customer privacy protection certainly became higher in two of the biggest economies in the world. However, whether retailers are aware of the importance of data security to the business and have strategic actions to complete the laws remains a question mark.

In a survey within 2000 retailers in the US conducted by Deloitte, 

  • Only 32% prioritize customer privacy and incorporate it into company strategic plans and business operations,
  • 41% have the intention to raise protection standards but at diverse levels, and the remaining,
  • 27% only mention customer data protection on the paper or conduct measures only as tactical compliance to the government.

Data protection implementation itself also faces certain obstacles, with the top 3 causes are:

  • Inadequate data management within the organization
  • Inadequate technology tools for privacy management
  • Lack of sufficient funding. 

In an article in July 2020 analyzing the challenges to comply with CCPA, Forbes also pointed to similar perspectives with the former two causes as in the Deloitte survey. Also, it stated that the CCPA’s lack of clarity piled up more difficulties for the corporation. The act was drafted and enacted so quickly that it was not concrete enough.

Reuters showed that while GDPR allows companies to take years to adapt, CCPA only gives a few months. It seems that the majority of the retail industry still has a long journey ahead to meet the expected level of customer data protection. 

Guidelines from the experts for better customers’ privacy in retail

However, the situation is not hopeless. Consulting firms such as Deloitte and PwC have given out guidelines for retailers, especially small to medium enterprises (SME), to survive to thrive above the circumstances. Deloitte suggests a framework including four keys areas to focus on to raise the data protection standard. Prospectively speaking, they are:

AreasActionsPossible benefits for retailers
Consumer centricityConsumers need to be fully informed about the type of data being collected, the method used, the purpose, and opt-out as they desireEnhancement in data quality and applicability 
Strategic alignmentPrioritize data protection and incorporate it into business strategy. Then, C-suite position(s) is necessaryWiser usage of the data collected
Data managementBuild one solely data source for consumer informationIntegrated data might lead to a complete customer profile
Security and InfrastructureTake any touchpoint into consideration to collect refined and standardized data. Thus, it is wise to focus on employee training to maintain a high data security level rather than overuse digital tools.Enhancement in the capacity to build and maintain trust with the consumers

PwC also outlines three key factors and a five-step plan to build customer trust while still comply with CCPA. The three main key points that firms need to take extra care of are:

  • Transparency
  • Protection
  • Value for Value

The last factor, Value for Value, is an intriguing insight. Deloitte’s 2019 US Consumer Survey showed the decreasing consumers’ trust towards retailers. Yet the research also shows that nearly 74% of consumers are willing to share their data if exchanged in a form (e.g., better pricing, discounts, or exclusive offer).

5-steps pathway in improving customers’ privacy

StepActionPossible benefits for retailers 
Discover and analyzeBuild single data storage covers all data categories mentioned and defined under CCPA. The system also needs to include whether the data is shared/sold with any third parties.Elimination of improper data handling
Assess and recommendStudy details of CCPA and take further needed actionsReduction or elimination of the compliance gaps
Strategize and planGather a cross-functional team to create an overall plan for the business, which can be approached in either of two ways: expanding current data protection programs or start to build ones that are based on CCPA requirementsBalance of cost-effectiveness, branding, and other needs satisfaction   
Design and buildImplement the qualified plans on seven workstreams: Policy management, Data lifecycle management, Individual rights processing, Privacy by design, Information security, Data processor accountability, Training and awarenessInability a sustainable compliance
Operate and monitorEstablish a continuous monitoring program to maintain the accountabilityLeverage of the third defense against periodical audit from CCPA 

It is important to note that regulations and frameworks are the stimulation to facilitate a long-lasting, trustworthy relationship with the customers. In an increasingly and intensively competitive market like retailing, business leaders need to take this into the heart of their practice and spread it out to the entire organization to stay long and healthy in the game.