Yesterday’s decision by UK citizens to leave the European Union (“Brexit”) brings about short-term uncertainties and unintended consequences that will make it harder for UK businesses to keep customers and attract talent. While times of high-market volatility can tempt firms to panic and cut spending on customer-focused initiatives, now is the time to drive innovation in order to win, serve, and retain customers.
As decisions over the next several years are determined by legislators and driven by compliance, UK companies will be challenged to operate as customer-obsessed firms. Forrester believes that the UK’s decision will have five major implications, including:
Digital and customer-facing talent will migrate out of the UK. Concerns about immigration laws (i.e., who will have the right to stay) will both drive footloose talent to look for jobs abroad and dissuade others from coming. And CIOs will find it even more difficult to recruit already-scarce developers and engineers to build customer-facing systems.
Product and delivery innovation will slow. Companies will now have to spend more time and effort to deliver products across borders and less time innovating on new customer-focused solutions.
Back in 2013, we conducted a study to figure out how the “summer of Snowden” was affecting consumer opinion on privacy. A year later, we combined that data with a current pulse of consumer sentiment, and found that mainstream attitude signaled imminent behavior change.
Fast forward another year: Today, US presidential candidates are talking about privacy and personal data protection during the pre-primary season. We have recently witnessed three more major data breaches affecting millions of Americans. The adblocking debate is at fever pitch, while Internet giants make privacy a point of differentiation. So, we ran our study a third time, and incorporated behavioral tracking data into the methodology.
Our findings? Consumers are more willing than ever to 1) walk away from your business if you fail to protect their data and privacy; 2) adopt technologies like tracker-blockers and VPNs to limit their exposure to data misuse; and 3) extend their protective actions to the physical realm. And, Forrester’s Consumer Technographics® data shows that this story pertains to millennials and their older counterparts alike:
Back in 2013, my colleague Anjali Lai and I wondered how the "summer of Snowden" was affecting consumer attitudes about privacy. So, we fielded a survey and ran some qualitative analysis in our ConsumerVoices Market Research Online Community. A year later, we used that historical data, combined with Consumer Technographics and social listening data to see how perception and behavior were changing. It was a fascinating study.
Fast forward another year: it's now pre-pre-primary season in the US, and candidates are talking about privacy and personal data protection. There have been three more major data breaches affecting millions of Americans. The adblocking debate is at fever pitch, while Internet giants make privacy a point of differentiation. Obviously, we decide to run our study a third time. And this time, we incorporate (opted-in, permission-based) data from our Consumer Technographics Behavioral Study.
Our findings? Consumers are more willing than ever to 1) walk away from your business if you fail to protect their data and privacy; 2) adopt technologies like tracker-blockers and VPNs to limit their exposure to data misuse; and 3) extend their protective actions to the physical realm.
And the real kicker is that, if you're one of the marketers who's been counting on Millennials who "don't care" about their online privacy, you're going to be waiting a long time.
The big public cloud providers, most of which are still from the United States, sometimes have a hard time finding ways to balance their legal obligations at home with the quite different sensitivities they encounter amongst their new international customers. For a long time, the toolkit has been pretty consistent: site data centres as close to the customer as possible, vehemently support political efforts to harmonize laws, and ocassionally be seen to stand up to the worst execesses of Government over-reach.
(Source: Flickr user Luigi Rosa. Image licensed under Creative Commons Attribution License)
Microsoft's announcements in Germany today appear, on the surface, to follow that model pretty closely. But there's a twist that's potentially very important as we move forward.
First, the standard bit. Microsoft, yesterday, announced new data centres will be operational in the UK next year, joining existing European facilities in Dublin and Amsterdam. Big competitor Amazon did much the same last week, announcing that a new UK data centre will be online in the UK by "2016 or 2017." Given the vague timescales, it might be easy to assume that Amazon was trying to steal a little of Microsoft's thunder with a half-baked pre-announcement. And then, today, Microsoft announced two new data centres in Germany. Amazon already has a facility there, of course.
When evaluating the top 10 critical success factors that will determine who wins and loses in the Age of the Customer in 2016, it comes as no surprise that privacy is one of them. In fact, privacy considerations and strategy augments all of the 10 critical factors to drive business success in the next 12 months.
So, what does this mean for businesses moving forward?
Businesses are moving toward personalization, which means they’ll increasingly collect personal data to get a better idea of what their customers want and need. In the age of the customer, defined by Forrester as a 20-year business cycle when successful enterprises will reinvent themselves as digital businesses in order to serve their increasingly powerful customers, protecting customer data is a critical aspect of fostering trust and building long-lasting relationships.
Regardless of location, all countries should have this goal in mind, but privacy regulations vary from country to country and often conflict with each other. For global organizations, navigating these laws can be daunting. To help businesses tackle this challenge, Forrester published its 2015 Data Privacy Heat Map. Originally created in 2010, the tool leverages in-depth analyses of the data privacy-related laws and cultures of 54 countries around the world, helping security leaders and decision-makers better design their own approaches to privacy and data protection.
Yesterday morning, many of us in the United States awoke to some troubling news: the European Court of Justice (ECJ) had ruled that the Safe Harbor agreement is no longer valid. Security & risk (S&R) and data management folks kicked into high gear. Customer insights and digital marketing teams...? Well, the news slipped past mostly unnoticed. That's a mistake.
Let's start with a primer on Safe Harbor. If you're a multinational company doing business in Europe, Safe Harbor is the agreement under which you've been allowed to bring European customers' data back into your servers in the US for purposes of targeting, analytics, campaign management, etc. If you work with a US-based database MSP, digital or CRM agency to manage customer data, they've likely been relying on the same agreement. It's a nearly 20-year old agreement that was put in place to bridge the gap between Europe's strict data protection laws and America's relative dearth of them.
Now, that agreement has been deemed invalid, which means that every company serving European customers needs to reexamine its data practices. Of course, this is primarily the purview of our technology management peers. But customer insights professionals need to partner closely with them on two fronts:
Speak up about your third-party data sharing practices. This includes sharing between business partners (for example, passing customer data to a firm that administers your loyalty program or manages warranties), sharing CRM data with digital marketing vendors, and even using third-party tracker on your website that collect IP addresses. Any third party data sharing could come under scrutiny from the European Data Protection Authority, so you'll want to have a consent-based model for collecting and sharing that data soon.
Forrester’s Security & Risk Analyst Spotlight - Chris Sherman
The title hasn’t yet been put to client vote, but Chris Sherman may be the renaissance man of Forrester’s S&R team. As an analyst, Chris advises clients on data security across all endpoints, giving him a broad perspective on current security trends. His experience as a neuroscience researcher at Massachusetts General Hospital also gives him insight into the particular challenges that Forrester’s clients in the healthcare industry face. Lastly, when he hasn’t been writing about endpoint security strategy or studying neural synapse firings, Chris flies Cessna 172’s around New England. Listen to this week’s podcast to learn about recent themes in Chris’s client inquiries as well as the troubles facing a particular endpoint security technology.
Upcoming changes to privacy regulation in the EU as well as rising business awareness that effective data privacy means competitive differentiation in the market makes privacy a business priority today. And this is not only relevant for tech giants: protecting both customer and employee privacy is a business priority for companies of all sizes and across industries.
But where do you start? Many companies start by hiring a chief privacy officer. Some have built brand-new privacy teams that manage privacy for the whole firm, while others prefer a decentralized model where responsibilities are shared across teams. What are the pros and cons of each approach? Which organizational structure would better meet the needs of your firm?
And when your privacy organization is in place, how do you establish smooth collaboration with other teams like marketing and digital, for example? Too often we hear that privacy teams do not have the visibility that they need into the data-driven initiatives happening within the company. When this happens, privacy organizations are less effective and the business risks failing its customers, undermining their expectation for privacy.
During the session, we recapped the highlights—and lowlights—of privacy in 2014, discussed some of the major trends and issues in the space, and made some predictions for 2015 and beyond.
What stood out for me, as a customer insights (CI) professional, is how critical our teams are to the work of privacy and how much we must guide the process of contextual privacy. There is a lot of work to be done to build stronger organization-wide consensus around better privacy. Like they were the nexus point between business technology and marketing teams, CI pros are now the nexus between security, legal, and marketing teams.
I’ve linked the full session below. Please enjoy, and please consider getting involved in Data Privacy Day 2016 - the effort could use more marketers and business leaders.