I was disappointed – but not terribly surprised – to learn that Tesla employees routinely accessed and shared sensitive images and videos from customer vehicle cameras as a form of at-work entertainment. Apparently Elon Musk’s – shall we say, complicated? – views on free speech and data privacy have trickled down to the rank and file.
But I was disappointed because I’m co-CEO of a company that advocates for data privacy. I have the privilege of working with people that truly value protecting their consumers’ data and who pride themselves on complying with regulations. Perhaps we’re in the minority. The prevalent attitude of many companies seems to be that data privacy is a nice to have but not essential and that consumers don’t really need or care about privacy all that much.
Two ex-Tesla employees, speaking to Reuters, confirmed that they felt as though “customers had given their consent or that people long ago had given up any reasonable expectation of keeping personal data private.” That’s why I wasn’t surprised.
But times are changing. Following data privacy scandals like Cambridge Analytica, consumers care about data privacy more than ever. McKinsey reports that 87 percent of consumers refuse to do business with companies if there are any doubts about security concerns. So to stay competitive, companies must focus on proactively proving to customers that they are carefully and sensitively managing their customer data.
Show you care about data privacy
Every company has a boilerplate “we care about your data!” statement they issue to customers. But consumer trust has eroded sufficiently that these statements are not enough. After all, Tesla said in its customer privacy notice that data would only be used to improve Tesla products. Yet that didn’t stop employees from inappropriately sharing this data with colleagues for the sake of their own entertainment.
So what can you do instead?
Share safety measures
While the internal activity of your employees is definitely a concern, consumers are also worried about their personal data being accessed by an unauthorized external actor. In 2022 alone, there were 1,802 data breaches, with over 422 million individuals affected. To help reassure consumers that their trust is not misplaced with you, it’s imperative to demonstrate exactly how you safeguard their data.
There are a few ways to do that. First, look at where potential threats could occur. For example, many breaches arise from not properly vetting third-party vendors. One report this year revealed that 98 percent of organizations worldwide have experienced at least one breach arising from a third-party vendor in the last two years. That probably includes you.
To combat this, openly share with consumers how you vet third-party vendors. I recommend you share the results of your accredited audits, such as SSAE 16 or SOC 1 and 2, once you’ve tested and validated your vendor’s controls and safeguards against industry standards. Of course this doesn’t guarantee full security, but it’s a good way to prove to your customers that you’re taking steps to protect their data.
It’s also worth considering what you’ll do if you’re caught in a data breach. Over 40 percent of consumers report that “transparency and quick action after a breach” are important steps when it comes to building or rebuilding trust with a brand. While you don’t want to advertise to consumers that you anticipate a breach, it’s a good idea to prepare for what you would do in such an eventuality, and communicate to consumers that you have such plans in place.
Seek out independent verification
When you eat at a restaurant, that restaurant almost certainly has a food safety score prominently displayed, because they want you to be confident that you won’t get food poisoning when you have a meal there. While those reports are government-mandated, there are data privacy equivalents created by independent companies that you can take advantage of.
Typically, these verification approaches take three considerations into account. The first consideration is policies and compliance, which measures data privacy risk relative to applicable laws such as GDPR and CPRA. The reports also measure reputational risk and reflect whether data collection policies, usage practices, and sharing are clear both to consumers and to any buyers who use that data set. And finally, the reports verify trustworthiness by confirming that a company, website, or mobile app provider discloses who they are. This includes info like key executives, founders, investors, geographic locations of staff, and company history.
As you might imagine, working with an independent company to verify and improve your data privacy practices can help bolster your reputation as a company that takes privacy seriously. First, the results themselves will reassure customers. But also, by investing in this kind of voluntary verification, you’re putting your money where your mouth is. You’re telling customers that you care about data privacy and compliance.
It’s also worth highlighting that regulations are changing rapidly. While this kind of validation is currently voluntary, there seems to be clear regulatory and legislative momentum in this direction. Laws like COPPA, CPRA, and the European GDPR are just the beginning. Reuters reports that many new laws are coming online in 2023 and beyond. Voluntary independent verifications have the added benefit of ensuring you’re abreast of these regulations, and that you’re not unknowingly violating any legal regulations.
Give consumers more control
The third and simplest measure to reassure customers is to empower them. Tell them exactly what data you collect, why you’re collecting it, and – most important – how they can opt out of future data collection and delete the data you have previously collected if they want to do so. Again, this is currently voluntary, but there are indications that this will soon be a legal requirement. For an exemplary instance of this kind of data policy, I recommend looking to Eyeota’s privacy center. It contains direct links to all of the key privacy policies and disclosures, which are all written in plain English and clearly explain to users how data is collected, used, and how they can exercise their data rights.
Final thoughts
Truth be told, those Tesla employees are probably in the minority. I like to think there aren’t many employees who would willfully disregard customer privacy to entertain themselves. Even so, it’s crucial that every business that collects data – and that’s pretty much every business these days – create a transparent policy for how they are going to collect, manage, and store that data and communicate that policy to relevant stakeholders.
Hopefully this article has shown you the benefits of taking extra steps to demonstrate your commitment to data privacy by using measures like data privacy scores, external audits and reviews, and empowering consumers to make their own choices for their own data.