Organisations in Australia face a significant challenge with data.
Consumers are willing to share their data if it means better personalisation.
On the other hand, there is a real concern about privacy, and while organisations are focused on looking for ways to prevent data breaches, efforts to do better to protect customer privacy are more haphazard.
Why organisations want data to deliver personalisation.
Personalisation is one of the most valuable reasons to collect and use customer data.
So it's unsurprising that personalisation is a key theme being talked about in marketing circles, and IT teams are being asked to work with data to deliver better personalisation.
There's a tension between the desire for personalisation and the risks of collecting the necessary data to deliver that, and Australian organisations have a long way to go to allay customer concerns around this.
Why personalisation and customer data is becoming a risk minefield.
Bitdefender data suggests that Optus got lucky, with 43% of Australians saying they would take their business away from a company following a data breach.
While the risk of cyber breaches is real and needs to be managed, the real challenge Australian consumers face with their data starts with a regulatory environment that has been very slow to catch up in these areas.
Data privacy online is governed by the Privacy Act 1988, and as that name suggests, that act was introduced well before the digital age turned consumers into mines of data.
Because the regulatory environment is so old, organisations have been able to capitalise on the data without fully being accountable for any risks to it.
This is what the government has since started to address with its Notifiable Data Breaches scheme and Consumer Data Right, both introduced following the wave of high-profile data breaches across Australian enterprises.
At the heart of these efforts has been a simple understanding: Consumers are indeed willing to release their data in exchange for the kinds of perks that personalisation can return to them - things becoming cheaper or more straightforward, for example.
Much of the discussion around data is currently focused on security - the idea of preventing breaches in the first place or, if a breach occurs, strategies and methodologies to minimise the data the criminals get access to.
As the OAIC data shows, one in four Australians now expect organisations to only collect the information that is strictly necessary to provide the service.
This is an important privacy step since it means that the amount of critical data a criminal would access in the event of a breach is then minimised.
In the event of a breach, Australians expect organisations to have a response plan that includes transparent, rapid communication and remediation steps for data that has been compromised.
What this means is that, if those companies are breached, the customer's data is likely to be exposed to greater risk and the organisation is unlikely to handle the matter in the timely and transparent manner that the customer needs them to to protect their privacy.
IT has a role to play here in helping to guide organisations away from seeing data as purely a security issue.
This Cyber News was published on www.techrepublic.com. Publication date: Tue, 23 Jan 2024 21:43:04 +0000