My following blog has been published on the blog of the Bank Innovators Council on the 19th of December.
Edward Snowden, Facebook settings and the NSA have all contributed to the global debate around privacy, in particular around the gathering of personal data without user consent. While media exposure has increased public awareness on this topic, a similar debate is taking place within the corporate environment.
In this blog post, I focus on financial services firms. They store a large amount of personal data within their systems. Think about passport copies; account information; a customer’s health situation.
Increasing regulatory attention is being directed towards how companies treat such sensitive personal data. Recent data breaches (apologies for providing mostly Australian examples) make the case for enhanced regulations such as the improved Data Protection Directive to be launched in Europe in 2016 and amendments to previous privacy regulations (planned for March 2014)under the new Australia Privacy Principles.
Many companies argue that these types of new regulations negatively impact the customer experience they offer their customers. They say it forces them to focus on their internal processes, as opposed to on their customers.
I disagree strongly with this statement.
While many companies fail to inform customers about the collection and use of personal data, most customers are still aware that their data is used in order to service them better. Customers expect that data to be safely stored and used. This is the biggest issue for companies: oftentimes data is not adequately protected, resulting in higher risk or even privacy breaches, such as the recent example of Adobe losing data on 38,000 customers to a hacker.
Attention, companies: This will all negatively impact your customers and your company!
Aside from the negative impact of a privacy breach, there are customer experience improvements to be achieved as result of enhanced privacy focus. Please find my four reasons below:
- Safety and trust in individual relationships: Your customers feel their personal data is treated with more care by the company (actually they should have felt this in the past as well, but privacy breaches over past years have undermined this). This results in increasing customer trust….the core of every successful financial relationship.
- Improved brand perception: If the wider public knows your company pays attention to protection of personal data (their personal data) people will perceive your brand as the Volvo of the financial service sector.
- Better data analytics: Because you know where the data sits in your organization you are able to better perform analytics on customer data (at lower cost), while gaining an improved ability to profile customers and address their needs. This helps ensure you know your customers better than your competitors do.
- Improved service quality: Generally, the above three reasons should help improve service quality by supporting better data quality, better decision-making and a higher level of trust customer towards your firm and relationship manager.
The fact is that most companies underestimate the relevance of the current privacy debate for their company. They comply with regulations through an “in the box” solution, while ignoring the real risks. They probably make a trade-off between the chance things go wrong and the costs for getting it right (before it goes wrong).
The costs for each lost record (defined as one account number, or one name etc.) are high and the costs differ per industry. For the financial services industry, they are the highest of all industries except for healthcare. A yearly research study conducted by the Ponemon Institute on the cost of data breach shows the cost per lost or stolen record for the financial services industry to be USD $255. Looking at the example of Adobe (defining their industry as technology) they face costs of USD$ 129 per stolen record. Make the calculation yourself! Perhaps its time for companies to rethink the decision to limit or reduce investments around the privacy domain.
By the way, the worst customer experience you can have is your customer’s personal data freely available on the street or in hands of hackers!