Over the years, we have seen prolific data leaks and breaches against organisations, almost daily, writes Dave O’Flanagan, Chief Product Officer, at the platform Sitecore. The most recent being the MOVEit hack, which exposed important and personal information from organisations including Sony, Shell, British Airways and others. It’s these kinds of breaches, and the sheer number of them which is making it almost impossible for consumers to trust that brands are taking the correct measures to protect sensitive information.
Despite these security shortcomings, brands continue to collect more data than ever in order to build personalised and relevant customer journeys and experiences. This is something our research shows customers value with seventy percent of consumers wanting brands to connect with them on a personal level. To make this connection though, brands rely on data. Couple this with the emergence of generative AI which requires vast amounts of data for training models, you can see why concerns will continue to be raised about the security and privacy of customer data.
A trust exercise
Brands face a tricky balancing act between consumer demands for personalisation and keeping personal information secure. With reputations on the line, success on both fronts is paramount. The key to this relies on the much-vaunted value exchange between brand and consumer, upon which trust is central.
Without trust it’s unlikely customers will interact or purchase from brands. Okta’s research showed this reluctance was as high as 85pc of consumers who said they were unlikely to purchase from a brand they don’t trust.
Every online interaction or purchase requires the consumer to trust the brand with their personal information. This can range from dates of birth, credit card details or shoe sizes, but whatever that information, brands have a duty to keep it safe and secure. While, in an ideal world, businesses would only collect vital customer data, limit who has access to it, and implement a strong data management strategy around its storage, best practice at the speed retail moves is difficult.
To mitigate against data breaches from the outset, every stage of the data sharing and storage process should be encrypted. This is something we practice at Sitecore. We never see any external data shared with us, it’s all encrypted and we’re trusted by the likes of L’Oreal to do this for 40 of its brands. Encryption reduces an organisation’s attack surface, limits the risk of data breaches and helps keep end-customers safe. When done well it also helps build the trust necessary to deliver the personalised experiences consumers look for.
There have been a raft of regulations implemented over the recent years to ensure brands and retailers correctly manage their approaches to data gathering. The most obvious of these is the European Union’s General Data Protection Regulation (GDPR).
GDPR aims to protect consumers from having their data shared and sold online without their consent. By and large, it has been a success. They have sparked significant improvements in the governance, monitoring, awareness, and decision-making around the use of consumer data. Also, because of the regulation, businesses worldwide were forced to take a closer look at their approach to consumer data privacy and security.
Many argue though, that the need for consumer approval has led to a clunky customer experience; the disruptive pop-up banners greeting users’ on websites and opt in questions around cookie consent are a persistent bug bear of many. Improvements on this in time are likely.
Generally, those gathering customer data have two safe options. Either they collect that data implicitly or explicitly. An explicit method could entail serving site visitors a questionnaire asking them about their age, gender, etc. whereas an implicit method may rely on tracking social media behaviour and cross referencing it with previous purchasing data.
Implicit methods used to be favoured however, with third-party cookie data looking like it may soon become a thing of the past, this method may become less effective. This poses a problem for brands.
Our advice is to use a set of explicitly asked consumer questions, such as age and gender, and combine this with first-party data sought from previous on-site purchases. This approach could become a winning formula in the cookie-less world, helping brands secure the information necessary to providing a great customer experience.
A helpful way for brands to think about personalising the online experience would be to replicate what happens in-store. When a customer walks into a shop they aren’t ignored. Nor are they bombarded with product offers. Instead, they are greeted with a smile and a few simple questions to make a personal connection, while being presented with relevant offers.
It’s clear that security and personalisation must come hand in hand. The more information customers give away, the more they expect brands to take care of that information. The balance between offering genuinely enjoyable experiences and ones that are safe is a must and the only way for brands to prove they’re worthy of consumer trust and loyalty.