Here’s a cold reality that anyone who works in IT security will not like: Your customers don’t trust you to keep their personal information secure.
A Harris poll from last year found that less than half of Americans trust the government with their personal information. Frankly, I’m surprised 48 percent actually trusted the government, considering the poll took place in the midst of the Edward Snowden NSA-spying revelations.
Government isn’t alone. HyTrust recently conducted a snap poll where the company asked the question: “Do you REALLY believe organizations care about your private data and keeping it safe and secure?” Of the 2000 respondents, 72.5 percent said “no.”
Is that because of the Snowden disclosures? Or is it because of the high-profile breaches that have resulted in many consumers getting unrequested new credit cards in the mail? Or is it because of the constant software patches and drive-by malware attacks occurring while visiting trusted websites?
It’s probably a combination of all of these things. In any case, Eric Chiu, co-founder and president of HyTrust, said in a press release that the level of consumer distrust is breathtaking, adding:
“Many organizations maintain that they’re doing everything they can to protect private customer information, but the public at large believes otherwise. And in industries where data security is vital—retail, financial services and healthcare, for example—this lack of confidence will inevitably have a negative impact on the bottom line.”
How do companies regain the trust they have lost? Maybe the same way you get security best practices through to your employees: through education and communication. In a New York Times article that focused on how Target could regain consumer trust after its breach, Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, a nonprofit consumer education and support organization, was quoted:
“People tend to be frightened about this, and I think they [Target] could have been more forthcoming in terms of giving appropriate advice to consumers about how to handle it.”
Building trust requires transparency. Consumers want to know what’s going on, and they want to know sooner rather than later. The government can help by instituting improved and nationally consistent data breach laws. Trust also requires that companies let consumers know what steps they will take to protect consumer privacy, and provide options to allow consumers to do more to protect their own information. For example, I’ve noticed that it is getting more difficult to delete my credit card data from certain online vendors and even more difficult to automatically opt out from auto-renewals. And, as Kenneth K. Dort, a partner in the intellectual property practice at Drinker Biddle & Reath, said to the New York Times:
“Don’t hide anything. Just be out there. Tell them what’s going on, where you’re going to go and what you’re going to do.”