1. Declare privacy and security a core value, so consumers can hold you to it
Communicate the measures that you are taking to back up this core value, so consumers know you are protecting them and so they can better protect themselves. Consider a C-level position, responsible for both orchestrating and communicating initiatives around privacy and security. Include not just customers, but also investors, regulators and employees in your communications.
Keep track of evolving regulations on privacy and privacy reporting worldwide, and be aware that values, not just regulations, differ from one country to the next: what is considered a privacy right in one country may not be in another. Multinationals may need one set of privacy and security values that they apply globally, and an additional set of country-specific ones.
2. Choose privacy and security by design and weave it throughout the entire organization
Embed risk-based safeguards not just into IT systems’ architecture, but also into your business practices, supply chain, third-party contracts, agile development and controls to make your organization the center of a growing web of trust.
For best results, get privacy and security experts on board at the start of any data-related initiative. It’s more effective (and more cost-effective) to embed privacy and security from the get-go than to add it on later. Starting with privacy and security also helps demonstrate that they truly are a core value.
3. Prove to customers that you respect them
Tell consumers what you are doing with their data through direct, individual communications on multiple channels, throughout the buying cycle. Offer options to give them control over their data—including the option to choose how their data is used—and clear choices among privacy settings. Don’t sell their data to third parties without their explicit permission.
4. Should a breach occur, act quickly and transparently
Transparency requires not just disclosing the breach as soon as it occurs, but doing so through multiple channels and providing continual updates. Your company will therefore need a communications plan, as part of your incident response procedures, that addresses victim notification as well as brand preservation.
Aside from quick action to repair the breach, consider some of the top responses (see graphic) that consumers say will rebuild trust after a breach occurs. Pay attention to cultural differences: consumers in some countries are far more likely to attribute importance to a “personal touch” (such as a public apology or the opportunity to talk to a customer support specialist) than in others.