Will data kill your business? A wake-up call for marketers

Businesses and government have been winging it when it comes to data use. Graham Plant on trust and what it should mean to marketers.

As marketers we rely on data. Now more than ever. So why is it that so many businesses pay scant regard to the security, compliant use and governance of their customer data?

To understand if data security is important to your customers you don’t need to look any further than the hoo-ha happening around My Health Record.

Things have seriously heated up for the Government this week with the backlash from consumers concerned about the My Health Record opt-out program.

Surely you’ve heard about the My Heath Record? My Health Record is an Australia-wide catalogue of personal health information database that stores people’s medical records. It can be viewed by patients, doctors and other medical staff and will include a host information about your medical condition, prescriptions procedures, allergies and plenty more.

No surprise, that it has the backing of several peak medical bodies, including the Australian Medical Association, Royal College of Australian GPs and the Pharmacy Guild of Australia.

On first glance, it sounds like a brilliant initiative.

Imagine if you were in an accident and were unconscious and those trying to help you couldn’t access important medical information. Wouldn’t it be better that a medical professional trying to save your life could access important clinical details about medications you’re on or previous allergies or situations?

Sounds like a no-brainer right?

So why is it that consumers are up in arms and opting out as fast as they can?

 

One word: trust!

Consider that since February 2018, data breaches have affected 63 Australian organisations, of which 24% of them were in healthcare. This was reported by the Office of the Information Commissioners in its first report since the mandatory data breach reporting legislation came into effect. The general consensus among consumers seems to be that you can’t trust big companies or the government with your personal data.

Both government and large corporates have experienced the pain and embarrassment of data breaches in recent times.

Consumers have seen their favourite social media platform scandalised through poor management and use of their personal data. So enraged were many of the users that they unsubscribed in droves! The PR campaign rolls on trying to win back customers and their trust. Consumers are well aware that what they do online is being used to pitch them with ads, bot messages and email.

Many think that Siri is secretly listening in to conversations to help advertisers bombard them with ads. Isn’t that right Siri?

Poor data governance and management of personal data has resulted in identity theft, fraud and compromised people’s personal security. Of the breaches in the first quarter of 2018 referenced earlier the information involved was categorised as follows:

  • 78% contact information
  • 30% financial details
  • 33% health information
  • 24% Identity information
  • 14% tax file number, and
  • 2% other sensitive information.

Now the Government is copping it because as consumers we are questioning firstly its ability to protect our data and secondly what it will do with our data. The response was so strong that it crashed the My Health Record opt-out site.

In regard to My Health Record the primary purpose is quite clear, as is who will have access to your data. They are good reasons to be involved and could potentially save your life. However, the secondary purpose is not so clear, nor is who will get access to your data. You even have to dig around a bit through the information to find an explanation of ‘secondary purpose’.

As marketers, we all know that we can only use people’s data for the purpose for which it was collected, and then, only with opt-in consent. So why is it that the Government automatically has us opted in to My Health Record and there is only a three-month window to Opt-out? Surely the rules should be the same?

Hmmm. Obviously not.

I’ll let you do your own research into My Health Record. My simple advice. It’s your data so you need to understand what is being collected and how it will be used, and then take the action that you feel most comfortable with.

 

What does this have to do with marketers? Plenty!

If you are holding customer data you have an absolute obligation to ensure:

  • the data is collected appropriately
  • it is accurate and complies with quality requirements set by the regulators
  • it is protected and completely secure
  • compliance with the relevant Privacy regulations for the jurisdiction that the customer falls within
    if data is being provided to a recipient outside the country that you meet the cross-border disclosure of personal information requirements
  • that you are only using the data for the purpose it was collected and have opt-in consent for that use by the customer
  • GDPR compliance (which I’m hoping you’re already across considering date of compliance was May 2018)
  • any secondary purposes for the customer data is clearly defined and they again have opted in with their consent for that secondary purpose, and
  • the customer at any time can cancel their consent by opting out. This should be a simple process that doesn’t require navigation over three or four webpages and 25 mouse clicks.

 

Despite changes in policies, regulations and customer complaints, some organisations seem content to throw caution to the wind and exploit customer data.

Not only are the brand implications massive, there are significant criminal and civil actions that can be brought against you and your company for breaches. You can check them out at ACMA and at the Office of the Australian Information Commissioner.

So why take the risk?

Primarily commercial purposes include spamming, telesales, research and one of the worst crimes, selling personal data. More concerning is when it is due to complete ignorance of their obligations, the regulations and the risks.

As marketers not working for the government, we need to be vigilant in protecting customer data. Our customers are entrusting us with their data so that we can serve them; not exploit them.

If consumers are nervous about the government holding their personal data on a database that could potentially save their life, do you think they will entrust their data with anyone else? They might. But only if there is complete transparency of what is being held and why, and if they have total control of their data.

So, don’t bury your privacy policy in the back pages of your website and be ambiguous about what data you collect and how you want to use it. Be upfront.

Take a proactive approach and promote to your customers that you have nothing to hide, their personal information is secure, and they have nothing to fear. If you’re not sure what to do, get advice. Don’t wing it.

Build trust; don’t break the rules; be transparent; and deliver value through your products and services. Then you have a much better chance of earning your
customer’s trust. Get your name in the news for a data breach or poor practice and your customers will be leaving you in droves. Not having data will be the least of your troubles.

Don’t think so? Ask Facebook. Trust is a fragile thing. It takes years to earn, and it can be lost in the blink of an eye.

 

Further reading

 

 

Image copyright: andamanse / 123RF Stock Photo

Graham Plant
BY Graham Plant ON 23 July 2018
Graham is founder of Pearl Business Solutions, providing strategic and board advisory services that turn ideas into successful ventures. He works with start-ups launching new businesses, larger companies introducing new products or looking to open new markets, navigating businesses through the martech space or understanding the business value and applications of customer data.