A new study from professional services firm KPMG finds that over half of Americans are no longer comfortable with their personal data being in the hands of private companies.
97% feel that data privacy is important to them, and 87% take it a step further in believing that it should be considered a human right, but 54% feel that companies cannot be trusted to use their personal data in an ethical way. On the specific subject of the sale of personal data, 68% believe that companies will not do so in a responsible way.
America’s growing demand for ethical handling of personal data
Since large-scale internet-based collection of data began roughly two decades ago, businesses have tended to operate under the assumption that consumers will either be unaware of data privacy as a concept or at least will be willing to trade away quite a bit of it in return for some sort of benefits. This study is another piece of evidence that indicates awareness in the US is becoming mainstream and that public attitudes are shifting strongly in the other direction.
Among the other key findings of the survey, roughly the same amount of respondents that do not trust companies also wanted increased control of their data (56%). An overwhelming 84% are in favor of state-level legislation that mandates that level of control.
Sentiments toward data collection and protection are similar: 53% of respondents don’t trust companies to be ethical in their collection practices, and 50% don’t trust them to secure consumer data properly. The greatest security concern is theft of a social security number (83%), something that private businesses have widely come to rely on as a personal identifier. 69% are highly concerned about theft of their credit card numbers, and 49% are similarly concerned about password theft.
Consumers are markedly more confident in the ability of organizations to properly handle health care information than any other type of personal data. 57% trust companies with this data, and only 16% indicate that they are concerned about it being stolen. This outlier attitude might be chalked up to a combination of a relatively low incidence of patient care data breaches combined with public awareness of the enhanced HIPAA regulations that have been on the books for almost 25 years now.
The COVID-19 pandemic may have accelerated this trend. 75% of respondents say that the situation has caused them to be more conscious of personal data privacy. However, they are also generally very favorable to giving up some of that privacy for measures specifically designed to fight the virus (such as contact tracing and having their temperature taken at work).
Rules for thee, not for me?
Though Americans are increasingly expecting companies to be more secure and judicious in the handling of their personal data, they aren’t necessarily practicing what they preach.
Americans seem to understand the modern data security risks they face; around 3/4 of the respondents felt it was risky to reuse passwords, use public WiFi, or have a credit card saved to an online store, and 86% believe that they have a personal responsibility to protect their own data. However, over 40% do each of these things anyway. An additional 69% are not using any kind of security software on their mobile devices, and 61% are not using multi-factor authentication (MFA) when it is available. Personally experiencing a data breach increased willingness to use MFA by about 13%.
There is a strong and consistent belief that both government and private companies are the most responsible parties when it comes to protecting personal data. Over 90% of respondents feel that each group is responsible for protecting personal information, and that companies should have clear data privacy guidelines and policies. They feel equally strongly that companies need to take the lead in establishing corporate data responsibility and take responsibility for breaches.
Only 33% of respondents were aware of the California Consumer Privacy Act (CCPA), but over 90% supported the rights it establishes: data removal, transparency about how data is being used, opt-out rights and the right to non-discrimination in customer data use.
The ultimate question is whether consumers will take their business elsewhere if they feel that their personal data is not being kept private and safe. 46% now say they would do this solely on the basis of a privacy statement that they do not feel is adequate, before engaging in any transactions with the retailer. 44% feel that trading their sensitive data for benefits from a retailer is not a worthwhile exchange.
KPMG interprets these study results as a likelihood that either more states will follow in the pattern of the CCPA, or that similar federal legislation (akin to the EU’s General Data Protection Regulation) will be adopted before long. To their end, tech companies and online retailers have an opportunity to improve trust and relationships with customers by getting out ahead of this strong public desire before legislation forces their hand.