The promise, peril and real payback of Big Data

Author: Jacky Wagner

Do you do data right?

Imagine this. You’ve booked a city weekend break online. When you arrive at the hotel, your favourite music is playing in your room. You receive an SMS from a local restaurant informing you that it has a special on your favourite kind of food. Your sports app on your mobile phone flags up that there’s a lovely river path nearby, just the right distance for your morning run. The weekend is off to a perfect start.

Or is it? You don’t remember telling any of these providers about your personal preferences. You certainly don’t recall agreeing that your personal lifestyle data could be used for marketing. And you despise commercial intrusion on your mobile phone. As a consumer, you might feel like you’re being watched or stalked somehow.

Now switch to your role as a business leader, and a user of Big Data. Your aim is to harness the data to create positive experiences for your customers as often as possible. But are you sure that you do? You have clear Customer, IT, Marketing and Information Management strategies, anyway. They cover privacy rules, regulations, processes and trends so that your customers are comfortable and knowledgeable about parting with their personal information, and look forward to what they get in return. Right? 

Getting a single view of the customer using Big Data has such enormous promise. It can enable innovations such as intelligent transportation, unveil new market insights for exciting product development, and even create societal benefits like making healthcare more preventive and personalised. But companies mismanage the data that customers share with them at their peril. Not respecting privacy can shatter trust. And both consumers and regulators are becoming more concerned about the potential downsides when organisations don’t treat consumer data appropriately. These concerns risk getting in the way of the value that organisations, consumers and society stand to gain from exchanging data.

When it comes to data privacy, your organisation needn’t merely be reactive to regulation. Resilient organisations get ahead of reputational, legal and customer risks by being proactive protectors of their consumers’ privacy. They jump further ahead by finding out what customers want, giving them a choice and an active role in data sharing, and promising something of value to the customer in return.

The real payback? Long-term competitive advantage through trusted, mutually valuable relationships between organisations and their customers.

Big Data, small privacy

Big Data systems rely on large volumes of data, of many varieties, structured and unstructured, from a vast range of sources, and with varying levels of veracity. That data can be created inside a company or available for sale by commercial data aggregators and for free by governments. It might be demographic and psychographic information about consumers; product reviews and commentary; blogs; content on social media sites; or data streamed 24/7 from mobile devices, sensors and technology-enabled devices. The promise of Big Data is intelligence in the moment[1].

Consumers, lawmakers and regulators alike, however, are beginning to look more closely at how Big Data is gathered, used, shared and sold. 

“NHS [National Health Service] England is to delay by six months the roll-out of its controversial Care.data scheme for sharing patient records through a central database. An NHS England spokesman said the delay was to ‘allow more time to build understanding of the benefits of using the information, what safeguards are in place, and how people can opt out’.”[2]

In the EU, organisations will have to comply with looming new Data Protection Regulation in the coming years. And in the US, Big Data and the “Internet of Things” are under increasing scrutiny by the Federal Trade Commission[3] (FTC) and the Government Accountability Office.[4]

Businesses have a duty to manage consumer data responsibly. But, stakeholders are beginning to raise these concerns.

  • How seriously are businesses taking their privacy promises? To what extent are businesses really respecting consumer wishes when it comes to the collection, usage and sharing of their data? In some cases, companies aren’t aware of the obligations they do and don’t have and their consumer privacy practices are found lacking. And in, for example, the growing Internet of Things space, there’s a sentiment that newer players developing innovative, connected devices are less mature in embedding security than established companies.
  • How fast can regulations be implemented? The guidelines aren’t keeping up with technology, or the cyber attackers that exploit that technology. Rapid advances in information processing technology have fuelled new business models and new industries. This rapid development has well outpaced the evolution of governing norms and regulations. As a consequence, online behavioural tracking, device monitoring and data gathering and selling are inadequately covered the world over.
  • How transparent are businesses being? Do consumers really understand what is happening to their data? Do they have the opportunity to understand, or is the process too opaque? What legal rights are consumers given to control, access or correct their own data? Last Autumn, the then new head of the US FTC, Edith Ramirez, put it this way when warning big data companies to respect consumer privacy: “The way personal information is collected and used has been at best an enigma 'enshrouded in considerable smog.' We need to clear the air."[5]

The boon of Big Data is colliding with a hardening consumer attitude and potential tightening regulatory control. No wonder companies are uncertain about where the Big Data opportunities and risks lie.

Make sure you know the perils

Mishandling your consumers’ personal data risks damaging your organisation’s reputation as well as its bottom line. According to PwC research, including over a thousand consumers, 61% of respondents said they are not willing to continue to use a company's services or products after it suffers a security breach.[6] Other research shows that a breach increases customer churn by nearly 4%.[7] Claiming ignorance when risks materialise won’t salvage your customer relationships, even if you’re not to blame. What consumers trust you to do (or not do) doesn’t necessarily equal what is legally allowed to do. Here are some of the risk scenarios you could be facing or inadvertently causing for your consumers.

  1. Mixing sensitive and non-sensitive data sets. Pulling from heterogeneous Big Data sources often leads to a co-mingling of sensitive and non-sensitive, personal and non-personal data. These data have different privacy obligations and promises associated with their collection and use. What’s extremely tricky to begin with, is knowing which data actually counts as personal as the legal definitions and societal norms vary so widely.

    Internet browsing history and IP addresses are not necessarily considered personal, nor is geolocation-based information. Personal health information on the other hand is classed as very sensitive, but what about information that the individual chooses to share, such as opinions in a product review? Does the company have the same obligation to protect this?

    Then, when these different data sources get combined, the resultant set might move from being anonymous or innocuous, to personally identifiable. In this case, privacy protection is relevant. Businesses may be unknowingly non-compliant with regulations and importantly not honouring the very privacy promises that they, or another organisation, made to the consumer when the data was originally collected. All of a sudden, they leave consumers’ personal data unprotected from unauthorised inferences and disclosures.

  2. Not fulfilling their obligation to protect. Companies are grappling with the multitude of privacy regulations, self-regulation policies, and consumer expectations placed on them to protect consumer data privacy.

    How do companies best manage giving notice and getting consent for example? Generally speaking, data dissemination is not deemed an invasion of privacy if consent has been obtained. The practice of ‘notice and consent,’ however, hasn’t done much to increase consumers’ awareness of the growing data economy. Instead it has produced a tick-box tendency accompanied by long and unintelligible privacy policies. Most consumers don’t pay attention to the details before giving consent. Even if the organisation has been specific about data collection and use, the consumer may not have understood to what they are providing consent. On top of this, consent is generally at a point in time. The consumer may well have made a different choice if he reflected on how his data may be aggregated and collated later in time.

    Many industries have chosen to self-regulate to protect consumer privacy. Some stakeholders are sceptical of the efficacy of self-regulation, while others say it has led to greater innovation in, for example, the online marketing industry. Balancing the need to self-regulate to respect consumer privacy wishes with the desire to use data to innovate and deliver more exciting, tailored offerings to those same consumers isn’t entirely straightforward.

    Expectation setting and transparent communication are essential to avoid unpleasantly surprising the consumer.

Make privacy a priority, and a payback

Businesses that are serious about consumer privacy and customer experience can do plenty to safeguard consumer data privacy, even without regulation. Most importantly, business leaders should view the issue strategically — not through just a compliance lens but also through a lens of opportunity and trust.

  1. Get ahead of the risks

    • Have a Big Data strategy and an enabling privacy strategy. Consumer privacy shouldn’t only be about assessing the regulations, but also the evolution of technology, consumer expectations and the kind of business you want to be. As the privacy landscape shifts, the Chief Privacy Officer should become a more strategic role, linked closely with Chief Marketing and Sales officers to assess how data privacy affects business goals, and adjust the strategy accordingly.
    • Understand your current level of risk exposure. Conduct a data inventory. Carry out data flow mapping of your information systems to capture and understand the information flows and repositories — across your entire supply chain if possible. Complete a privacy impact assessment for a detailed analysis of the risks and their impact on your business.
    • Embed “Privacy By Design.” Integrate privacy protections into your product design and development and data management lifecycles without compromising functionality.


  2. Get ahead of the crowd

    The most proactive approach for protecting consumer privacy, while also continuing to enjoy the benefits of Big Data, is to invite your customers to a value exchange. This means encouraging and incentivising them to participate and share data by providing some meaningful benefit to them in return. 

    The majority of consumers accept the fact that organisations collect and use their personal information. While sceptical to sharing very personal data, they’re generally comfortable sharing basic information, but they want something in return — benefits and control.

    What benefits are worth it? Consumers appreciate free goods or services, such as free mobile or Internet services. They also value non-monetary incentives, like not having to watch ads or receiving exclusive updates about new stores or restaurants of relevance.

    Consumers also want to control how their data is used. So businesses need to be explicit, clear and direct in stating what personal information will be used, how it will be collected and what the consumer will get in return. If businesses want openness from their consumers, they have to give it back. When consumers perceive fairness and transparency, and have the option to control what and how information will be shared, they are more willing to share information.

    Organisations can also encourage consumers to share more information by educating them about the broader benefits and the “good purposes” for which the data is being used — from new product development, to health research, to improved public transport services. Consumers feel more comfortable sharing information if they understand how it might help them individually or as part of a larger group. It’s a way to get customers participating in and benefiting from what’s being called the personal data ecosystem.

    Educating consumers about how their information is protected and how your organisation prevents security breaches is also important to engendering trust in the relationship. Internal education is needed too so that employees get committed and create the right customer experience. Heightened awareness also equips consumers to demand the same promise from other organisations, thus bolstering the overall level of privacy protection.

    New business models and market offerings have started to emerge focused on giving consumers more control of their valued personal data. Some companies are already giving customers access to their own data, like power companies who let customers see their power usage online and share it with apps of their choosing. Companies like Google and Intel — massive data users — are supporting initiatives to help customers get insight into the personal data stored about them and to gain value from reusing that data.

    Other companies now offer “personal data vaults” that consumers control, and from which they share personal data with companies of choice. The upside of this for the companies seeking the data is that personal data may well be more accurate and forward-looking than information currently available. For consumers, it will be simpler to provide personal information across multiple sites, while gaining transparency and control over the data.

As private and confidential as the consumer wants

When an organisation fails to protect and use personal data as it promises to, this can be a disaster both for the individual consumer and the business, and trust collapses. There are huge challenges to establishing robust privacy. They are worth overcoming though as most consumers, businesses and societies enjoy the benefits that Big Data brings — when it’s used responsibly.

Regulation isn’t keeping pace with technology, or otherwise isn’t being implemented effectively. Irrespective, business leaders need to make it a priority to protect their consumers’ privacy, not least to build resilience against the associated risks, as privacy goes way beyond being an IT issue.

The new wave of businesses that view customers as participants in the data exchange are illustrating that a more innovative, proactive approach to privacy can be a differentiator, an enabler that balances the risks of Big Data with the benefits for consumers and organisations. Data privacy goes from being an obligation to an opportunity to create competitive advantage through strengthened customer relationships.

At the end of the day, when companies protect consumer privacy, they protect their reputation, their revenues, and most of all, the trust customers have in them.



[1] PwC: Capitalising on the promise of Big Data, January 2013

[6] PwC, May 2012, Consumer privacy: What are consumers willing to share?

[7] Ponemon Institute, 2013 Cost of Data Breach study