The Most Common Reasons for Data Privacy Complaints

KPMG report on privacy consumer atitudes

In a recent KPMG survey of 2000 individuals and 250 businesses in the US on data privacy. It was reported that;

• 86% of consumers said that data privacy is a growing concern for them, 68% were concerned about the level of data being collected by businesses.
  
• 48% of consumers have stopped shopping with a specific entity due to privacy concerns.
  
• 40% don’t trust companies to ethically use their data.
  
• 37% have ended relationships with a business or service provider over the use of their personal information.
  
• and 30% aren’t willing to share their personal data for any reason.

In the same survey, business leaders were also asked about their views on data privacy. They reported that 70% say their company increased collection of consumer personal data over the last year, 62% say their company should do more to strengthen existing data protection measures, while 33% of them admit that consumers should be concerned about how their personal data is used by their company.

Together, these numbers show some worrying gaps between businesses and their customers that needs to be closed and awareness is the first step which is why this training will help.

Businesses need to do more on privacy as the KPMG report above shows us. Common excuses such as we’ve been fine up to now, were too small to be overly concerned, it’s too expensive or we dont have enough bandwidth have all been used and eviscierated by hackers by thousands of other companies. Having that said, here are some recommendations from various authoratative sources that may help the business community.

• Make sure that your practices around consent are fully aligned with data privacy transparency and fairness requirements. Unclear or deceptive practices have led to some of the largest fines in history in courtrooms in Europe and the US.
• Demonstrate even more transparency and confidence through activities like regular independent audits and industry certification exercises. These practices however should be more than just box-ticking and more of an opportunity for genuine improvement throughout the organization. Things to pay attention to include adherence to data privacy principles in business processes which is demonstrable at every step from development to execution and monitoring.
• Businesses need to build up good relations with data protection authorities, consumer advocacy groups and reporting bodies in the information privacy space. Taking onboard their advise and proactively asking for opinions on privacy matters shows a real commitment to privacy and not just lip-service. Many authorities such as the Irish data protection authority have a list of complaint case studies which are useful in researching common consumer complaints.
• Customers also need to be made aware when new business relationships and processes come into force that may effect processing of their data such as new marketing arrangements or other new service providers using customer data. Failing to do this can lead to massive customer blowback when that third party is breached and customers realise that there data has been somewhere they didnt know about or agree to.
• Businesess at every size need to conduct regular independent security testing which includes ethical hackers who simulate tactics of e-crime groups. These are sometimes referred to as Red Team exercises where test phishing emails are sent, social engineering tricks are used and passwords attacks are used to escalate privileges.

Customers are often blindsided by business bad practices until it’s too late and data has already been stolen. Here are some of the things you can do to protect your privacy before you descide to give someone your business.

• Look at their website to ensure they have some of the privacy basics such as an actual privacy policy. Ask about who your personal data is shared with, preferably not a data / ad brokers who will further seek to monetize your data. You can find a list of data brokers Here
• Ask them about any security industry certificate that the company currently has. Common ones are ISO 27001, SOC2, CSA Star.
• Ask about their processes for providing copies of your personal data on request and the level of control you have over your own data once they start processing it.
• Check search engines, consumer reporting agencies and data protection authorities for any derogatory information about the company you plan on doing business with. You dont want to find out after the fact that they’ve just been breached due to negligence after you’ve signed up for a service.
• Ask about their data retention policies, this is to ensure your data is not retained after your stop service with them. You dont want to be in a situation where hackers access your records even after you’ve closed your account several years prior.
• Find out about their process for incident handling and reporting if a data breach does happen. Companies are required to have an incident handling and reporting process under data protection law, make sure they can answer the question when you ask or look on their website.

Data privacy is an important topic for everyone in today’s world. That’s why we created resources for those interested in the area. The first resource is our YouTube channel dedicated to privacy and cybersecurity matters. It’s a great channel with lots of useful, free content. So, be sure to check it out by clicking on the button below and clicking the SUBSCRIBE button if you find it useful. You can also connect with us on Facebook and Linkedin to follow the work we do.

The second resource is our online shop. It contains many training presentations and tools suitable for businesses on data privacy and general cybersecurity topics. Awareness is the key to battling so many serious issues in the cyber space such as phishing and ransomware. Data breaches are averaging $9m per incident and the average ransom is in the region of $2m while the FBI reported 859,532 complaints of suspected internet crime and details reported losses exceeding $16 billion—a 33% increase in losses from 2023. So checkout our shop using the button below and see what we can do for you.