Big brands work hard to create “halos” around their products and services but becoming (and remaining) a trusted data controller has only recently become a bankable brand value.
Research by international credit reference and data company Experian suggests that some organisations are still blissfully unaware of the negative impact of a data protection breach. The research contrasts what big brands think about data security with the reactions of their customers. Over a third of the organisations felt that a data breach would have little or no effect on their brands whilst three quarters of their customers said it would affect their decision about using a company again.
It is likely that ABN Amro Bank and Nationwide Building Society, both of whom have had to deal with the fallout from serious data breaches, would endorse these findings. Yet there is still complacency; a recent damning report from the UK’s House of Lords Science & Technology Committee said the responsibility for protecting users fell to the IT industry, ISP’s and the banks. It criticised the present “Wild West” attitude of leaving Web security up to the individual as unrealistic and pointed to the “extraordinary complacency” of some banks.
Competitive positioning is also a factor. If one brand makes a virtue of careful data management and permission-only marketing it can gain an advantage over rivals. It is not altogether a coincidence that Microsoft – chasing both Yahoo and Google in the US search market – has recently announced that it will it will make search query data anonymous after 18 months by removing cookie IDs, IP addresses and other identifiers from search terms which will be held separately from account information. Readers of this column will remember that Google bowed to pressure from Europe’s data protection Tsars to do something similar just a couple of months ago.
Peer pressure can also have an impact as McDonald’s recently found with an SMS campaign that did not include the required simple unsubscribe in the message. It was the mobile marketing community – through the DMA and the MMA – which hounded McDonald’s for the omission because it ran the risk of bringing the industry into disrepute and could have a negative impact on individuals’ experience of using text as a medium.
Published December 2014
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.