Data Collection Ethics: Bridging the Trust Gap

Who is responsible for data privacy and collection? Recently, KPMG surveyed 2,000 U.S. adults and 250 decision-makers involved with security, privacy and data at companies with more than 1,000 employees. The overall consensus in the report is striking: there is a vast gulf between how businesses and the general public view data collection ethics.

Read more: Best Threat Intelligence Platforms & Tools for 2021

Business Leaders Are Too Confident

According to the KPMG report, business leaders are ramping up data collection.

• 70% said consumer data collection grew over the past year
• 62% said their companies should do more to protect customer data
• 33% said consumers should be more concerned about their data
• 29% said their company sometimes uses unethical data collection methods

Business leaders may also be overconfident about their company’s ability to handle a data breach. Ninety-two percent of surveyed leaders felt they are prepared for a data breach, and 95% said their company has very strong data security measures in place. However, many employees stated they weren’t getting adequate training.

For example, on password security training, only 47% of full-time and 42% of part-time employees said they had received training. The percentages are lower in data protection, email security, privacy, privacy policies, and phishing scams training. Unfortunately, the statistics show a disconnect between the leadership and the company’s employees.

Consumers Question Corporate Data Collection Ethics

The U.S. general population is increasingly suspicious of data collection. Survey respondents expressed growing resentment — even towards their employers.

• 86% are concerned about data privacy
• 68% are worried about the amount of data collected
• 40% don’t trust the data collection ethics of companies
• 30% don’t want to share any personal data for any reason
• 13% don’t even trust their employer’s data collection practices

It’s worth noting that consumers view data collection differently across different sectors. According to another survey on data collection from McKinsey, 44% of respondents said the healthcare and financial industries are the most trustworthy when it comes to protecting their privacy and data; only 10% said they most trust consumer packaged goods or media and entertainment companies.

Data Collection in the Time of Covid

Public concerns may be growing as a result of the COVID-19 pandemic. An IBM report on data breaches found that remote working due to the pandemic is affecting breach response times.

“At organizations with a greater than 50% remote work adoption, it took an average of 316 days to identify and contain the breach,” read a Security Intelligence analysis of the IBM report. “Compared to the overall average of 287 days, increased levels of remote work appeared to make containing a breach take nearly a month longer.”

Since the pandemic began, remote workers have expressed concerns about not receiving data privacy training. They worry they would be held accountable if a data breach occurred.

Data Collection Best Practices

Are there any solutions to bridging the trust gap? The KPMG report outlines several ideas for company leaders to win back suspicious consumers.

• Practice transparency. Three quarters of surveyed consumers wanted companies to be more transparent on the use of their data.
• Give consumers more control. Consumers expressed interest in choosing how widely a business shares their data, as well as viewing data the company has already collected on them.
• Make data anonymous. Anonymizing data preserves the value of consumer data to the business without risking protected personal information.
• Take accountability. Half of surveyed consumers said they don’t know how to protect their data. An overwhelming majority (88%) said they want businesses to take the lead in establishing data responsibility policies.

Above all, businesses should act ethically when data collection goes wrong. Most of the consumers surveyed said didn’t trust corporations to protect their personal information. When a data breach does occur, don’t try to hide it. Have a disaster recovery plan in place, and explain your remediation steps to alleviate public fear.

Read next: Are You a Data Hoarder? The Dangers of Data Hoarders in Business