Most would agree that we live in a time where trust, particularly digital trust, is probably at its lowest point it has been for a while. We only have to look at the information disclosed within Wikileaks and the public’s reaction to it to see and understand how trust has been eroded because of the public’s breach of privacy and the general lack of transparency in both the public and private sectors.
Within this article, I will explore the link between privacy, trust and transparency and what we could do to increase the trust that people have with organisations they interact with.
First, let us try and understand the concepts of privacy, trust and transparency:
- Privacy – this concept simply relates to maintaining the privacy and confidentially of any interaction and information that an organisation has on its customers, suppliers and other third parties it deals with
- Trust – is the concept that third parties implicitly believe that their information and interactions will be kept private and confidential when they deal with another third party. This is usually an unquantifiable belief, but is critical in a business context since if a third party (client) does not trust an organisation, they are unlikely to do business with them
- Transparency – this is the concept of being open and honest when dealing with third parties. It is this openness and honesty that builds trust and goodwill which ultimately leads to people’s willingness to deal with an organisation and do business with them
As more and more organisations gather an ever-increasing amount of information on their customers, the concepts of privacy and trust become more important and intertwined. Maintaining the privacy of client data is paramount. We have all seen many examples of loss of customer data through security incidents. The immediate and lasting impact of this tends to be a loss of trust and the subsequent loss of customers and market share. Maintaining privacy of customer data is key to maintaining trust.
So having looked at the link between privacy and trust, let us look at how transparency then affects trust.
Transparency, is in fact, a cornerstone of trust. Unless one is transparent - open and honest, in dealing with someone, the notion of trust simply cannot exist. Let us now look at how this applies to the cyber world in an age where organisations are custodians of enormous amounts of private data.
Organisations have to be open with their customers about how they manage (use and protect) personal information. Interestingly enough, this is actually the first Australian Privacy Principle! The Australian Privacy Principles clearly stipulate that organisations must publish their Privacy Policy so that anyone that is interacting with them has a clear understanding of how the organisation will manage and ultimately protect their privacy by safeguarding their private information. Being transparent about data use and protection is key to ensuring that your clients will trust you with their data.
The Privacy Amendment (Notifiable Data Breaches) Bill 2016, which establishes a mandatory data breach notification scheme in Australia, has finally passed. This will ensure that any data breaches within organisations covered by the Privacy Laws have to be reported to the Privacy Commissioner and affected individuals have to be notified. It is clear that such a breach and subsequent notification will be extremely detrimental to any organisation in terms of loss of trust. Organisations must take steps to ensure the privacy of customer data and ultimately the trust that customers have in you.
Any organisation that maintains private information on their clients (and that is almost everyone) needs to ensure that they maintain the privacy and security of this information. It is vital that organisations follow the four simple steps below:
- Understand your key information assets and perform a vigorous risk analysis of your environment to understand your key cyber security risks and mitigate those as far as practical
- Ensure you have anS incident response plan in case there is a breach to minimise damage
- Obtain cyber insurance for those risks that you cannot mitigate
- Share threat information anonymously with your peers so that you can protect each other.
Ensuring the privacy of your client’s data is vital. Being transparent with how you use and protect data privacy will ensure your clients trust you with their private information. Speaking mathematically, Privacy + Transparency = Trust!
Ashwin Pal is the Unisys Director of Security Services responsible for Unisys’s security business in the Asia Pacific region.