While privacy used to be the purview of the legal department, it’s becoming a cross-functional business imperative. The reason is simple: in today’s world, consumers are more aware than ever. They know their data is increasingly being collected and used for purposes beyond their control. And thanks to ubiquitous data breaches across industries, they know the danger this poses.

In addition to consumer demands, new legislation, such as Europe’s GDPR and California’s CCPA, is placing new legal demands with corresponding repercussions on businesses.

Within this new climate, it’s no surprise that privacy and trust are increasingly becoming hot topics for everyone from legal to marketing to IT. It’s also an interest for us at Sitecore, so I was excited to attend a panel discussion, “What makes you trust me? Perspectives on trust in an age of privacy and digital caution,” at Sitecore Symposium 2019. The panel consisted of:

  • Ishraq Al Fataftah

    CTO, Applez Tech

  • Rachael Ormiston

    Director, Global Privacy and Data Security Counsel, Sitecore

  • Alison Sainsbury

    Senior Marketing Consultant, Sitecore

  • Amanda Shiga

    Senior Product Strategist, Sitecore

  • Luke Williams
  • Assoc. Director, Digital, Australian Catholic University

Each participant brought a unique perspective and had relevant things to say, and while I’d love to point to every one of their individual contributions, doing so would make this blog chaotic. Instead, I group their collective insight under themes that bubbled up throughout the discussion.

Compliance or trust?

The first thing everyone clearly agreed on was that we all need to move from thinking about data and privacy from a compliance perspective to thinking about it as an opportunity to demonstrate trustworthiness. While this may sound like a subtle shift, it creates a huge difference in approach. We’ll get into the specifics of this difference in a moment, but first let’s consider some of the common challenges businesses face today.

Common challenges

Keeping up with a shifting legal landscape

While GDPR and A.B. 375 have been on the books for a while, precedent is still being set as to what they actually mean in practice, not to mention their consequences for organizations.

One panel participant hit upon this issue while admitting that their organization is still not completely compliant with GDPR. While only about 2% of their revenue comes from students in Europe, they admitted they still should be compliant. However, the journey to compliance is a process, and while they’re on that journey, the panelist was more concerned about building and instilling solid practices, systems, and processes that are actually worthy of their customers’ trust versus ones that just make them compliant.

Is that personal?

Connected to this challenge of compliance is determining what actually counts as personal data. This can change from situation to situation, but it’s a challenge every organization faces.

Why do we have that?

The panel also agreed about another challenge: knowing what data you have and where you’ve stored it. Given that data has been considered the new gold (or oil) for the past ten years, it’s no surprise that everyone is racing to collect it. The problem is that we’re often not sure why we’re collecting what we are, how we’re going to use it, nor where and how we’re storing it.

The new gold is trust

Amanda Shiga (who has written on trust and compliance for us before) referenced studies conducted this year which found an interesting correlation — companies that are fully compliant are outpacing those who aren’t on essential KPIs like revenue, retention, and customer satisfaction and loyalty. While correlation isn’t causation, the data does suggest there’s a business case to be made for compliance (and likely the processes that surround it).

From the perspective of compliance, ensuring personal data is stored and used correctly, transparently, and securely is a headache. But even while there’s a business case to be made for being compliant, the panel still agreed this is not the ideal perspective. The best approach? Building brand trust.

Getting trust right… and wrong

Some brands understand this and are racing ahead. The panelists each shared examples of brands who are getting this right, as well as some who are getting it wrong.

Some brands go beyond posting the necessary legalese on their sites. On top of this, they offer clear examples using text, graphics, and even videos that lay out what data they’re collecting, what they’re doing with it, and why this benefits the customer.

A more specific example was shared about a data breach at a small UK bank. Instead of trying to hide, the bank was extremely fast to respond. They discovered who was affected, let them know, and issued new cards immediately. Then they blogged about it. Their customers were pleasantly surprised, and they turned a PR nightmare into a widely shared story about brand trust.

The last example I want to highlight is the difference between the experiences a panelist had on two different sites. One was a bank website that offered a button to chat with a person (not a bot) during each moment of the journey. Another was an internet provider’s site, which offered no way to contact a human at any point. 

“Cynicism is a barrier to trust.”

Luke Williams

The message was clear. The bank wants to talk to their customers at whatever point they desire to reach out. The internet provider, on the other hand, doesn’t want to hear from their customers for any reason. Who would you trust?

This last example is crucial because it reveals how trust is about more than compliance to laws. As Luke Williams said at one point, “Cynicism is a barrier to trust.” This holds across the entire journey. Think back to the internet provider: they don’t want to hear from you at any point; how would you feel handing them over all browsing data?

Building trust

In closing, I’ll leave you with several points that capture the collective insight of the panelists on how to build brand trust:

  • View trust as a brand imperative

  • Build cross-functional teams who value and work toward trust

  • Only collect the data you actually need and can use

  • Collect data across the journey, when you need it, not all up front — ask yourself, would I ask this person for this information if I was meeting them face to face for the first time in my store?

  • Show the value you add by collecting data

  • Be transparent

  • Ask yourself, what if we had a breach? what data could we legitimately justify having, using, or having shared?

  • A permission button is not enough

Trust, privacy, and security are all essential today, but most of us are still on the journey. At Sitecore, we’re committed to empowering our clients to not only be compliant but to build trust. If you have questions about how our solution can enable you to be compliant and build trust with your customers, check out our Trust center or reach out to our team today.

Mohan Kasibhatla is Vice President of Product Marketing at Sitecore. Find him on LinkedIn.