Skip to content Skip to footer

Loading Results

Using privacy to build customer trust

Playback of this video is not currently available

Episode 15: Using privacy to build customer trust
* To download this mp3 file, please right click and save link as...

Transcript: Using privacy to build customer trust


Jon: Hi. Welcome to Shift, PwC Canada’s podcast series, and we’re digging into key digital trends and topics that can make your business transformation a reality. I’m your host, Jon Finkelstein, and I’m also the Creative Director of PwC Canada. Today we're talking about a very hot topic, and that is privacy, data, and trust when it comes to customer experience.

My special guest today is Pamela Snively, Chief Data & Trust officer at TELUS. I'll tell you right now there's probably very few organizations, sectors, that are as concerned about trust and data as the big telcos. Welcome to Shift.

Pamela Snively: Thank you. Great to be here.

Jon: Chief Data & Trust officer. That's your title. Tell me, what does that mean to you? 

Pamela Snively: I get asked that question a lot because it is an unusual title, and I will often sort of just dismiss it and say, "Well, it's really just a fancy word for a Chief Privacy Officer," but it really isn't and that title, in fact, is a large part of the reason why I took the job at TELUS.

When I first started interviewing for the position, it was Chief Compliance & Privacy Officer, and over the course of discussions with some of the executives at TELUS, and largely with our CEO -- who is deeply committed to customer trust, maintaining customer trust, earning customer trust, we started to talk about privacy at a deeper level and we realized that it really shouldn't be about compliance. It should be about maintaining customer trust.

Jon: It sounds like a nuance, but it actually isn't, because if you think about compliance, it feels very internal organization -- "It's about us". And I love the fact that you're focusing on the customer, because that's really what it's about at the end of the day. No customer, no business.

Pamela Snively: That's a great point. I love that perspective on it. It also makes it a lot easier for our business to understand why they need to do what they need to do. When I go in and talk to the business about maintaining and earning customer trust, that's a language they understand. They know how critically important that is, and that is what their entire business is about. So, if I can put privacy and respect for the personal information of our customers into that language, then they understand it and the whole game is transformed.

Jon: When we start to think about things like trust and privacy, and how it relates to the customer, it feels like there's a lot more room for innovation, and changing, and impermanence, if you will, because everything's moving, everything's changing.

Pamela Snively: That's so true. There are no limits to what we can do to continue to earn and maintain customer trust, and we are constantly looking for ways that we can go a step further.

But there are so many more opportunities and it's a discussion we have daily, like "What more can we do? How can we communicate better with our customers about what we're going to be doing with their data, and how can we be more thoughtful about it in all of our business initiatives?” And of course, in today's world, there are so many business initiatives that relate to data. I can hardly think of any that don't.

Jon: Do you have to earn customers' trust, or do they already start the relationship already trusting you, and you're now in a position to either keep it or lose it?

Pamela Snively: I think that depends on the customer. I think that there are pockets of customers out there that are, in today's world, starting off skeptical. And then there are others that are trusting and they sort of make assumptions about large organizations or about any organizations, and quite frankly there are those who just don't think about it much at all. But they will certainly think about it if we do something that jeopardizes their trust.

As the public is hearing more about these egregious privacy breaches, or just breaches of trust, in terms of how data is used, which is not necessarily the traditional someone hacked in and got your data, now it's breached in the way that people think about it, but a breach of trust in terms of how we used it. I think we are starting a little bit behind the gate and we have to earn that trust going forward.

Jon: It's really interesting, because especially in a position that you're in at TELUS, you have a lot of data on people, not only personal data, but financial information, and it could kind of go either way, because when you have a lot of data on someone, there's a lot of benefit to the customer as well because of what you can do... Like you say, "What can we do with the data?" It's not like it just sits around. What's the end game for all this?

Pamela Snively: That is a huge priority for us, is to use the data in a way that will make their customer experience better. It's important to look at providing choices for customers, better ideas about what products and services that particular customer might be interested in, being aware of where they are in the cycle of a particular contract, where they are when they've most recently bought a phone, all sorts of different aspects to our relationship with them on the telecommunications side.

Jon: Along with data, you have to have sort of checks and balances in place to make sure that it's private, so what kind of steps do you guys take in order to ensure that there isn't a breach, that the data is used correctly, that there's security measures in terms of who can access it? 

Pamela Snively: So, if we're assessing how a business might go ahead and use data, we would work with the security department to make sure that at every step in the process of utilizing that data, the data will be kept secured. So, how it's transmitted between areas within the company, for example, could be an area of vulnerability, so we'll focus on that as well as of course always where it's stored.

But in addition to that, whenever any part of the organization wants to for example use data for a different purpose, and this is different from security, they need to come to our department and submit what we call a privacy impact assessment, but go through a review for us to determine whether or not that's in keeping with our commitments to our customer, in keeping with the reasonable expectations of our customer. Would they be surprised or shocked by that use of data? That's not something we ever want to do.

Jon: Do you think that most organizations have the right amount of thoughtfulness if you will, when it comes to data and privacy?

Pamela Snively: I think in Canada we have a pretty mature privacy tradition among our larger organizations, so I think that there is a lot more thought that goes into this than many people realize within larger organizations.

Jon: At TELUS, when stuff does go wrong, and we're all human, so things will go wrong, how do you remedy it? How do you make it feel okay from a customer experience?

Pamela Snively: When we talk about having a breach readiness and response plan, we know mistakes can happen. Breaches can happen, but it's how you respond to the breach that matters, and that's where the trust is going to come in. It's whether or not it's clear to you that the organization is taking it seriously and trying to make this right. And if you don't feel that way, then they've lost your trust. 

Jon: But when things do happen, and they might, what you do as a result of that is equally important, if not more important, as you say, in engendering trust, keeping trust, and even potentially getting more...

Pamela Snively: Building trust.

Jon: Building trust.

Pamela Snively: In our minds, we'll treat this as a lost customer that we need to recover and we'll do everything we can to win back that customer's trust and business.

Jon: It's interesting too, because people, customers will advocate or not on your behalf after it gets resolved. "Hey, let me tell you what happened at TELUS. It was amazing," or "It was terrible." That's a powerful thing either way.

So tell me, there's a lot of eyes right now on the Canada Mandatory Breach Notification. It's coming November 1st.

Pamela Snively: Right.

Jon: I think that's probably a five alarm fire for a lot of people. Tell us a little bit about that, for those who don't know, what this breach notification is all about.

Pamela Snively: The Mandatory Breach Notification requirements have really kind of two main prongs for organizations, and the first is ... well, three, I guess.

The first is when there is a data breach that involves personal information, a report has to be made to the [Privacy] Commissioner, if the breach rises to the level where there's a real risk of significant harm to an individual. So, it can be even just one individual, it doesn't have to be a large scale breach. So, that requires reporting to the [Privacy] Commissioner.

It also requires notification to the affected individuals, so the individuals who are at risk of harm. And then the third piece is also a record keeping requirement. I think it's actually pretty significant in terms of the effort that organizations have to put in, but less noticeable to the general public.

Jon: Do you think that organizations are worried about this?

Pamela Snively: I think some organizations are worried about it, and organizations never know how things will play out and what this is going to look like in practice, so there's uncertainty around it, which is never good for business.

There will be more reporting to the [Privacy] Commissioner now than there has been in the past, so we have been getting ready in terms of making sure our systems and our response protocol reflect that new requirement, the record keeping requirement -- which is, we have to keep a record of all incidents, even if there is no real risk of significant harm. So all incidents involving personal information, and that's actually a pretty broad requirement. But it is a shift in how most organizations set up their record keeping and respond to an incident.

Jon: So, why now? Why do you think this is important now?

Pamela Snively: I think it's a response to concerns about consumer trust in the digital ecosystem, and just making sure that people feel confident that if something has happened that's impacting them, that they will be notified.

I think the idea here is to have people be more aware of what's going on and allow them to protect themselves, and then I think the hope is that that will engender more trust in the digital ecosystem. It could go the other way, though.

We've seen other jurisdictions where we have this kind of notification fatigue, where people are hearing constantly about smaller breaches, and people just kind of pitch them out and stop paying attention to them. And I think that's equally dangerous -- if people stop worrying about their privacy and start thinking that a breach is just the normal course.

Jon: When it comes down to data and trust, it's really interesting, because there's some people who take it really, like, "My personal data is sacred".  

Pamela Snively: I think the Snowden revelations a few years ago have changed the way people think about it. It used to be just identity theft, and that didn't seem that real to people, or realistic, or didn't think that they were the likely target, and so a lot of individuals just didn't take it as seriously.

But now that we're hearing about a different form of abuse of data, and a larger scale surveillance program potentially, people are a little bit more worried from a different perspective than they used to be. It's not just about identity theft. People are concerned about that and they want more transparency around, "How is my data being used? And how is it being used against me?"

Jon: Do you find that you're needing to communicate to people a lot around what it is you're doing? Are they asking questions? How do you go around making sure that customers feel that you're being transparent with them?

Pamela Snively: We do find that they are asking more questions lately, so we take note of that and we are very conscious of responding to the questions that they are asking.

So after each of these scandals and each of these breaches, we will see an increase in calls in to find out if we're doing any of those things, or how they can be protected against those things -- who we're sharing data with, that sort of thing.
So, we will always try to address where we see a series of questions or patterns trending and questioning, that we'll try to put answers out there right away, if they're not already on our website or somewhere else available to our customers.

But one of the things that we've done is try to just put more information out, and not in a way that inundates everyone. There's enough jokes out there about everybody knows nobody reads privacy policies, we all just click agree. So, making them longer and putting more detail into those is clearly not the answer, if you really want to meaningfully gain customer trust.

Jon: Let's talk a little bit about the interplay between the level of trust a customer has with an organization, how much data they're willing to share or not share. Do you see a correlation between that?

Pamela Snively: I know I certainly fall in that category. I will think about the organization with whom I'm doing business before I decide how much information I'm going to give them. So I want to understand that my trust in the organization is one thing, and then what they're going to be doing with the data is the second thing.

Jon: That's really interesting, because now we're talking about brand reputation. Am I more willing to give a whole lot of personal information to Amazon versus some overseas e-commerce website that I've never heard of? And you think about it in those kinds of terms, then you realize that there really is a brand play here. Their privacy policies could be exactly the same. But then how do I really interpret it? 

Pamela Snively: So, even if the words are there, I look for an organization that has a reputation to lose. If they don't have a reputation to lose, then I know that their attention to my privacy might not cost them anything if they create a breach.

Jon: If you had advice for organizations big and small about how to take this seriously, maybe what to do, what would you tell them?

Pamela Snively: We have to really think hard as an organization about what your limits are and how far you will go, and really consider your particular customer base. I think that customers in one particular area of industry might have different expectations than others, so there's no one size fits all.

Jon: As the world becomes more digital, and as businesses become more automated… talking a lot about AI and machine learning and RPA, so that's the Robotic Process Automation, do you see that having an impact on trust and data cleanliness, and all that kind of good stuff?

Pamela Snively: Absolutely. That's a huge area of focus for us right now. When we're looking at privacy from the beginning, and it sounds a little hokey to say that one of the first things that I think you need to do is look at the principles that you're going to operate under, and that's going to be contextual to your industry as well as your own organization's corporate culture.

That's been the only way that we've been able to really drive change and structure a program that's meaningful at TELUS around privacy, and we're now doing the same thing again when it comes to AI.

And so we're starting again at the beginning of that journey and saying, "Okay, what are the principles that we're going to live by? What's our charter of ethics that we will commit to?” And then, “What are the policies and processes that we need to put in place to make sure we keep our word on that and make it true?”

Jon: That's really key. I think that's very important, I think. It's not just a box you check.

Pamela Snively: It's transformational when we approach it that way.

Jon: Privacy seems like it's in its own little box. Does privacy by virtue of what it is enable innovation or does it hinder it? What are you seeing in there?

Pamela Snively: I'm not sure if I see privacy in its own little box. If you're doing privacy well and you are doing it from this perspective of guiding principles and integrating it into the customer experience, and the customer trust model, then it's fully integrated. It's not a separate box. It's part of how you do business and part of how you make decisions about business every day.

But on the barrier side, there's some interesting dynamics there where often privacy is seen as a barrier to innovation, and I know even with some of the consultations that are going on right now with the federal government, the round tables on innovation are actually turning into discussions about privacy because people are seeing it as a barrier to innovation.

I think we have to see it as not necessarily an enabler of innovation, but a motivator for innovation, that we can do things differently and more creatively and arrive at the technology and the solutions that we want, that are still privacy respectful.

And in fact, sometimes privacy can actually motivate technology all on its own. So many of the fixes for the problems that technology brings can be found in technology. So let's use technology to fix the technology, and let's not just throw up our hands and say, "Well, this is just a problem with technology today." If we can design a problem, we can design a solution.

Jon: I'm gonna retract what I said about privacy being in its’ own little box, because how could it be? Because the world is changing and because there's new things that keep happening all the time, it can't, it's not static. We can't look at it as static. If something doesn't already exist or is leading us down a way that doesn't seem right, let's innovate around it. Let's innovate a way forward. That's a very cool spot to be.

Pamela Snively: I had this great moment this summer. My son is doing his degree in Engineering Computer Science and wants to get into AI, and had a summer job in a company doing some AI work, and he came to me after a week on the job and just said, "What you do is so cool. AI is 50% privacy." It was heartening to hear that it's being taught to him as 50% privacy -- like are we making sure that the data sets that are being used are allowed to be used for that; that that's consistent with the customer's expectations?

All of this is all feeding back into this whole concept of customer trust, and maybe it goes beyond what we've traditionally thought of as privacy, but I start to talk more and more today about data ethics rather than just pure privacy, because it goes beyond just our one piece of privacy legislation, and into a much broader field if we're talking about customer trust.

Jon: Well, it's interesting, because ethics by virtue, by definition, sounds like there's decisions to be made as opposed to is it private or not?

Pamela Snively: Promise and peril.

Jon: I love that. It's promise and peril. I love the fact that this conversation went beyond the idea of personal data as it relates to customization, because I think people want customized experiences and I think they're willing to give up a certain amount of data in order to get something that seems more relevant, and contextual, and timely.

We really got more into the ethics behind it and what organizations need to be thinking about in order to engender trust and set themselves up for that kind of conversation.

Pamela Snively: I think we're at basically a citizen trust tipping point in the government as well as in private sector, and this is going to be the moment in time when we make the decision to fix this and get it right, and do it right, and reap all the benefits and the promise, or we're going to -- it's going to pass us by. We're going to miss the opportunity.

Jon: I think that's a significant call to action for listeners, for organizations. It's like doing it right can have tremendously incredible impact to both the organization and the public. Do it wrong, and we miss the boat to... using data to make a meaningful difference in everybody's life.

Pamela Snively: That's why I love this job. 

Jon: My mind has been expanded and blown off the hinges a  little bit here, so thank you for that. And I hope other  people are thinking about privacy and trust, and data ethics in a completely different way, in a new light, because it's  even more important than I already knew it to be. So, thank you for that. And thank you for being here on Shift. I think  this has been a really important and timely podcast.

Pamela Snively: Thank you for having me.

Jon: Thanks for listening to this episode of Shift. You can get more details at If you enjoyed this episode and want to hear more, subscribe to our podcast series. You can find us on iTunes, Google Play or your preferred podcast platform. Just so you know, this podcast has been prepared by PricewaterhouseCoopers, LLP, an Ontario Limited liability partnership for general guidance on matters of interest only and does not constitute professional advice. Until next time.

Legal disclaimer

This podcast has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this podcast, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

“PwC” refers to PricewaterhouseCoopers LLP, an Ontario limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.


Contact us

Jon Finkelstein

Executive Creative Director, PwC Digital Services, PwC Canada

Tel: +1 416 687 8452

Follow PwC Canada