With Enza Iannopollo

Customers value tailored offerings. And consumers are increasingly aware of what Forrester calls the “privacy-personalization paradox” — that is, the paradox between their desire for personalization and their desire to keep their data private. A 2013 survey by Populus for Sky IQ of 3,097 UK adults found that 51% believe it is useful for brands to know some information about them, and 53% trust brands to act responsibly with their data. The same survey reveals that 79% respondents are careful about the type of information they pass to organizations, 63% worry about how much personal data they have revealed online, 48% say that data privacy is an issue they think about, and 46% do not trust social networks with their personal data.

Yet, the ruling by the European Courts of Justice in May 2014 that an individual could demand that "irrelevant or outdated" information be deleted from results reminds CIOs that privacy management needs to be a top business priority. Privacy regulation is now a topic that no CIO should underestimate as a major risk factor for businesses. CIOs who underestimate privacy regulation risk large fines for their organization, undermine their organization’s reputation and trust, as well as risk losing their own jobs. But those businesses that design their IT infrastructure with privacy regulation in mind build a competitive advantage for the age of the customer. Our report Customer Privacy Is A European CIO Priority highlights that the successful CIO:

  • Makes privacy a top priority for the CIO office. In the age of the customer, customer privacy ranks higher than ever in the list of CIO priorities. Customer privacy protection goes beyond the tasks of the risk officer. Successful tech management teams will include privacy protection in their tasks. The CEO, and ultimately investors, will hold the CIO responsible for ensuring customer privacy with technology tools that protect customer data.
  • Recognizes privacy as the building block for customer trust. An increasing number of businesses recognize privacy to be part of their product and service strategy. Although trust and customer privacy are not new topics, we detect more sustained efforts by businesses to improve the way they engage with customers. Ensuring customer privacy is central to building trust with customers. And trust is a main asset in digital times.
  • Understands customer data collection and use practices. Make sure that you are complying with existing privacy regulations. Provide customers the opportunity to opt out of data collection schemes. Prepare for data breach notifications. Be ready for the moment when customers come to you and demand answers as to what data you hold about them.
  • Knows that deleting customer information can be tricky. Many businesses store customer information redundantly, for instance for each division or each country operation. Such data may well have been backed up on several servers, often in different locations. Some customer data might have been shared with or sold to partners or third parties. These complex structures of customer data storage turn a comprehensive data deletion into a difficult — some say impossible — exercise.

Navigating the privacy challenge means that firms must elevate privacy conversations to the board level and embed privacy in their business process planning. This discussion has to involve the CIO, risk officers, and business leaders from divisions as varied as product development, human resources, and marketing. Leading businesses will embed privacy policies into their strategic business decisions and use it as a competitive advantage.