Forrester predicted as early as 2014 that data security and privacy would be market differentiators, “…in the battle to win, serve, and retain customers, data security and privacy have become competitive differentiators and, thus, a top business technology agenda item.” While the reference specifically envelopes the consumer to business relationship, the same principle can be said to apply in the B2B space. Many research and data insights suppliers have direct relationships with panelists and consumers in the course of research and surveys – however just as many suppliers do not have a direct relationship with consumers. Increasingly, as consumers question a business’ data privacy practices and begin to transact based on business approaches to privacy, suppliers must bring privacy to the top of the business agenda.
Market research and data insights, specifically in the context of the advertising ecosystem, are at the forefront of privacy advocates’ and regulators’ agendas. This is most evident in the updated third-party risk management processes implemented by most companies. Businesses send out a flurry of security and privacy questionnaires attempting to assess the potential business risk of dealing with a particular supplier. While many questionnaires ask generic questions (e.g. do you have a privacy program, please provide a link to your privacy policy, etc.), a more sophisticated version of the questionnaire is appearing with detailed inquiries related to the impact of cross-border data transfers, applicable surveillance laws and data subject rights programs. In addition, many businesses are re-evaluating their contracts with suppliers and incorporating updated terms to address privacy and security.
The expectation and pressure from the consumer on a business flows downstream to the business’ use of suppliers. While it is key to have a proper compliance framework to illustrate to businesses that your company is “compliant” – your privacy program needs to go beyond compliance. The commitment to privacy must be first targeted towards the consumer and not towards the B2B relationship. Companies must not, and do not have to, sacrifice consumer privacy in order to understand consumer attitudes and behaviors. By promoting and cultivating a culture of trust and transparency with consumers, even as a B2B company – the role of privacy as the market differentiator becomes obvious.
Cultivating Consumer Trust in a B2B Environment
Cultivating consumer trust is a monumental task under any circumstance but it becomes even more difficult for a supplier because of the lack of the direct consumer relationship. To build trust with the consumer the focus must be on transparency, control, and security.
Creating transparency requires telling the truth in a way that people can verify. Practically speaking, this means having updated privacy policies, websites, and other consumer facing materials to provide a consistent, comprehensive and plain language approach to notices. Taking the time to ensure that notices are accurate and easy to understand is not only a practical approach to compliance, but it also sheds sunlight on what can often be considered to be complicated and onerous terms.
“Try to be transparent, clear and truthful. Even when it is difficult, and above all when it is difficult.”
Jean-Cyril Spinetta, Former Chairman and CEO, Air France
Control means providing individuals, as much as possible, with the ability to access and delete their personal data and to control the processing of their personal data. Companies must know what personal data they’re processing, create frameworks to support data subject rights requests, and develop systems and methods for consumers to communicate their preferences. For example, companies must look to the use of consent frameworks for tagging technology or universal consumer privacy mechanisms such as those that limit ad tracking. By providing these controls directly to consumers, companies empower consumers to make informed decisions.
Building privacy as a market differentiator also involves undertaking a multi-layered approach to data security, including the use of technical, physical, and organizational controls. This process requires regular internal and external reviews consistent with industry standards and applicable laws and regulations. Data breaches are the fastest way for a company to lose consumers’ trust. The local news does not report on regulatory fines but rather the latest – potentially easily averted – breach that exposed personal data due to “accidents” or “failures.” In this instance maintaining robust policies and procedures and staying out of the news is the easiest way to build trust.
Creating trust with consumers often demands an internal culture shift. Companies must seek to foster a business culture where the Chief Privacy Officer or Data Protection Officer are not the only employees charged with ensuring and building trust. Engaging sales, product, engineering and security teams to evaluate aspects from a privacy mindset – including privacy-by-design features – is a more practical way to limit employees from just “checking a box” and also empowers employees to champion privacy. These practices lead to organizational awareness and enhance the market differentiator. As employees are empowered with the tools and resources to understand and communicate privacy as a company priority, clients can begin to “see for themselves” – when your sales teams are prepared, when the product teams provide privacy conscious alternatives to produce the desired client result, – this is when the value of privacy truly shines as a market differentiator.
