Consumers and business leaders have different priorities when it comes to data privacy, according to recent studies by Cisco Systems.
The contrast was revealed in the latest version of Cisco’s annual Data Privacy Benchmark Study, released for Data Privacy Week. Done last summer, the survey of more than 4,700 security professionals from 26 geographies included more than 3,100 respondents who were familiar with the data privacy program at their organizations.
They listed compliance with privacy laws as the most important priority for building customer trust, followed by transparency about how customer data is used.
By comparison, the report notes, a Cisco study of consumer attitudes done at the same time listed transparency as the top priority, followed by not selling personal information, and compliance with privacy laws.
“Certainly organizations need to comply with privacy laws,” says the Privacy Benchmark report, “but when it comes to earning and building trust, compliance is not enough. Consumers consider legal compliance to be a “given,” with transparency more of a differentiator.”
Among other findings
— 95 per cent of officials surveyed said privacy is a business imperative, up from 90 per cent in the 2021 study;
— 94 per cent agreed customers would not buy from them if their data was not properly protected;
— 95 per cent said privacy is an integral part of their organization’s culture, up from 92 per cent last year.
— respondents estimated the average spend on privacy at their organization was US$2.7 million, up from US$1.3 million three years ago. The most significant growth from 2021 to 2022 occurred at smaller organizations. Privacy spending at organizations with 50-249 employees increased more than 17 per cent to US$2.0 million, from US$1.7 million;
— respondents also believe the estimated dollar value of benefits from privacy were up significantly. The average estimate rose more than 13 per cent, to US$3.4 million, from US$3.0 million in the 2021 survey.
The report recommends organizations continue to invest in privacy and build privacy capabilities throughout their firms, especially among security and IT professionals and those who are involved directly with personal data processing and protection.
Firms should also be more transparent with customers about how their personal data is being used. “While organizations need to comply with the law, compliance alone is not enough; transparency is key to trust,” the report says.
If using artificial intelligence (AI) in solutions, they should be designed with AI ethics principles in mind, it adds, providing preferred management options to reassure customers, delivering greater transparency to the automated decision, and ensuring that a human is involved in the process when the decision is consequential to a person.