Let me tell you about a call I had the other day. The one where the chap on the other end of the call used the expression, “the privacy paradox”.
Yes, I was impressed. This particular fellow was complaining about the fact that people like me (he used the accusative, “people like you” quite a few times) who talk about customers and their expectations of privacy and data protection appear to be out of step with his observation of actual customer behaviour.
“I mean look at our website analytics!”, he insisted.
“Nobody ever visits the privacy policy page!”
He was right of course. The analytics appeared to support his argument. They even revealed that those few who did visit the privacy policy page didn’t stay for very long. Facts indeed. On the basis of this evidence, nobody visits privacy policy pages.
And yet those statistics, those facts, tell a very different story.
The privacy paradox outlines a situation where people (your customers for example) want your business to be respectful of their privacy and to deploy effective data protection measures to look after their information when you collect it from them.
The paradox happens when, having said they want privacy, people then share their personal information in ways that compromise their privacy.
I sometimes hear the privacy paradox being used to suggest that people can be, “careless” or “stupid” when it comes to sharing their personal data.
Which always reminds me of a quote by the great advertising man, David Ogilvy,
“The customer isn’t stupid, she is your wife”.
So can we agree that customers aren’t careless or stupid when it comes to their expectations of privacy when sharing their personal data?
Instead, people simply don’t understand how to protect their own privacy.
And they don’t understand because most businesses make such an awful hash of their published privacy information. Which makes it really difficult for customers to protect the value in their data. They don’t understand because your business doesn’t tell them or doesn’t make it easy for them.
This is caused by either ignorance or deliberate obfuscation on the part of the business.
And all it leads to is confusion.
Your published privacy information is confusing. Your staff are confused. Your customer is confused.
Going back to my new friend with the website analytics which demonstrated, for him, the futility of a website privacy policy. Together we took a walk through his website, looking at it from the point of view of a customer with reasonable expectations of privacy.
All such a customer really wants to know is this,
“If I give you my information, will you cause me a problem? Now or in the future?”
For that customer to be prepared to share their data with you the answer in their mind needs to be “No”.
...and there needs to be some evidence to lead them to that conclusion.
So we looked for some.
Was there a privacy notice at the point of data collection?
We looked around the newsletter signup form – no.
We looked at the enquiry form – no.
We looked at the booking system – no.
Although the booking process did include a tick box which forced people to, “agree to our privacy policy” as part of the booking. Uh, ok...
Eventually we found the privacy policy (which isn’t a privacy notice by the way, the two things do very different jobs). It was the very last link in the footer of the home page. Presented in the smallest font size used on the entire website. It’s almost as though it didn’t want to be found.
Which helped to explain why very few people ever visit the page.
Visiting the privacy policy page and reading it was really interesting. No wonder it didn't want to be found!
It was utter nonsense. It still referred to a data protection act from a previous century. It hadn’t been updated for years. It looked very much as though someone had copied and pasted paragraphs found on the internet and plonked them into the page. It was misleading, it was factually incorrect, it was wrong, it was confusing.
No mention of customer rights or how to invoke them. No clear information about the intended use of customer data. Just lots of sweeping generalisations.
It was at this point that my new friend admitted that he had never actually read the privacy policy himself.
We need to do better.
In the UK a lot is changing in the way personal data is used and how that use is regulated.
Artificial Intelligence looks as though it is going to have an impact on people’s lives. Certainly on the way businesses use their data.
There will soon be changes made to the Data Protection Act, which many hope will make it easier to work with. Whether it really does get easier remains to be seen, so there will be confusion while the changes are introduced (they haven’t been finalised yet, at time of writing the bill is still working its way through parliament)
The threats to privacy and the value of data have never been greater. Phishing, smishing, ransomware, identity theft, spear phishing. Data breaches are now a fact of life. Businesses can mitigate the effects when they make the effort to do data protection better. Individuals can mitigate the effects by following such efforts with their next purchase.
If you want to be part of the "data economy", you need to be able to collect data from people. Not just customers! Do you recruit employees? What happens to their personal data?
“If I give you my information, will you cause me a problem? Now or in the future?”
The problem is most businesses aren’t making enough of an effort to earn customer trust.
A certain level of trust which will encourage a customer to share their data in the future. No trust means no data, which means no purchase, no booking, no cash.
The ability to use personal data will belong to the business which engages and informs their customers with useful privacy information. Helping them to understand how to protect themselves.
Informed customers make better decisions. And if you inform them properly, they will reward you for it.
If you don’t help customers to understand how to protect themselves and their information, you will probably still get their booking today. The privacy paradox suggests that in the absence of support people will still share their data to gain access to what’s right in front of them. But you won’t get their next booking. That will go to a business which has decided to do this better.