Good governance and reliable data management are not only compliance and brand issues, but they are also increasingly an issue of commercial differentiation.
That is one of the main outtakes from Deloitte's fourth annual assessment of the privacy practices of Australia's top 100 brands. It revealed that consumers choose and prefer brands that are transparent about how they use data.
“Honest communication about which data is being used for what and why will be essential for future value exchange,” Tommy Viljoen, Cyber Risk Services lead partner at Deloitte said.
Deloitte assesses the public face of the privacy practices of the top 100 brands and ranks them by sector. In 2018, the Information & Technology sector was ranked first, against ninth last year, while Financial Services was second.
Last was the Energy & Utilities sector, which fell from fourth position last year, while Education & Employment was ninth.
“There were some big changes in the sector rankings this year given the focus on transparency of personal information processing,” David Batch, Deloitte’s National Privacy and Data Protection Lead said.
“This meant that brands that offer primarily digital goods and services ranked better on transparency measures and IT was the standout.”
Deloitte also interviewed 1,000 Australians aged 18 years and above and asked them about the data they provided to brands in return for goods and services.
The survey asked what factors influenced their decision to share personal information, with 69% saying that trust in the brand was "most important" when deciding on sharing personal information.
Brands are also more likely to lose consumer trust and damage their reputation if data is used for the cross-selling of personal information, according to 68% of respondents.
Another 58% said they disliked inappropriate marketing, and 54% said they disliked it when data was traded to enable sales.
Australia now has a mandatory reporting of data breaches since February this year, and 90% of the survey respondents said they expected to be notified if their details were involved in a breach.
A breach in itself does not destroy consumer confidence in a brand, however. Seventy-six percent of survey respondents said they would be more likely to trust a brand after a breach if there were timely notifications, a detailed explanation and remediation plans and ongoing notifications on progress.
“Brands have to amend their privacy practices to meet both consumer expectations and regulatory changes,” Viljoen said. “The increasing emphasis on consumers owning and having control over their data is a seismic change to the status quo.”