Consumer Data Privacy and KYC: The Clash of Compliance Titans?
Cybercrime has evolved: attacks have increased in size, frequency, and sophistication.
The average cost to deal with cybercrime increased by a whopping 72% in the last five years. Security breaches cost $13.0 million per company in 2018, and that amount is expected to rise further. The FBI pegs last year's cybercrime costs at $2.7 billion, and experts speculate that the global price tag could reach $6 trillion in 2021.
These are alarming numbers, especially when breached companies were asleep on the job of securing their data. Businesses are now in the spotlight over how they collect, store, secure, and share user data. Millions of lives are at risk when private user data falls into the wrong hands.
The Importance of Consumer Data Privacy
The focus on data privacy was due to the various cyberattacks that left personal user data exposed. Governments around the world responded with stricter regulations on consumer privacy. The introduction of the E.U.'s General Data Protection Regulation (GDPR) has made a positive impact on how companies handle user data.
In the U.S., many states have adopted their own versions of the GDPR, such as California's CCPA (California Consumer Privacy Act). Data privacy regulations are essential to ensure a user's personal information doesn't fall into the wrong hands. Stolen data can affect a person's fundamental freedoms and rights through crimes such as fraud and identity theft. Penalties, lawsuits, and steep fines await organizations that fail to follow privacy requirements.
To date, there have been several record-setting fines and penalties for non-compliance, especially with the GDPR.
France fined Google €50,000,000 in January 2019 for a lack of transparency and consent in advertising personalization.
British Airways got a steep £183,000,000 fine from U.K. regulators because of inadequate cybersecurity arrangements. Hackers stole 500,000 customer records from the B.A. website in June 2019.
In the U.S., the major Equifax data breach cost the company at least $575 million in penalties and fines. They lost 150 million personal and financial records due to an unpatched database vulnerability.
Because of the severe penalties imposed by privacy regulators, organizations are taking notice. Businesses have to think about consumer privacy protection before they can do anything with the data they collected.
How Does Consumer Data Privacy Affect Marketing?
Marketing is all about gathering information about the target audience and reaching them in the best way possible. While these privacy laws are good for consumers, they pose a conundrum for digital marketers. Consumers demand more privacy, but they also crave more personalised products and services. Because one contradicts the other, it's going to be very hard for marketing to provide anything relevant.
What Do Marketing Teams Need to Do?
Accenture released a study in 2018 in which they surveyed over 7,000 companies. The topic was "trust", and over half of the businesses saw their trust incidents (data breaches) rise, leading to billions in lost revenue. The study showed that more consumers are losing their trust in both big and small businesses when a scandal or breach happens. Users who once shared their information freely are now hesitant if they feel the brand doesn't have their back.
Brands need to prove to consumers that their trust isn't misplaced. Companies can only do this if they have an open discussion with their customers about safety and privacy. When someone visits an online retailer, for instance, the store needs to reassure the customer that the site is 100% secure and respects their data. Transparency about privacy policies and data protection efforts should be front and centre.
Marketing teams must give consumers the option to approve and withdraw consent at all times. The language needs to be unambiguous and clear. Every campaign should start with earning the customer's trust, and that can only happen by being honest and transparent about data privacy.
The Need for Personalised Privacy
Most consumers know that marketers are collecting information about them for targeted advertising. While some customers are okay with sharing their information and browsing habits, some view it as creepy and an invasion of privacy. Marketing teams need to focus on giving each consumer personalized privacy at varying levels.
Companies need to give consumers some level of control over the use of their data. Businesses also need to be transparent about how they use customer data and the steps they take to protect it. It all boils down to trust and respect in the eyes of the consumer. If people feel that a brand doesn't have their best interests at heart, they won't place their trust in it and will move on to the next one.
What About KYC?
On the other end of the spectrum, you have KYC. Banks and other financial institutions have been verifying client info long before the GDPR came into play. For banks, KYC is critical to ensure they follow the rules on anti-money laundering (AML) and combatting the financing of terrorism (CFT). The practice allows banks to catch illegal transactions used for bribery or corruption.
With the rise of cyberattacks, businesses need some form of KYC to protect their interests. There are plenty of tools available to perform an online background check on customers, with their consent. Organizations using this extra layer of verification can even weed out scammers and catch identity thieves before they can do any damage.
However, most of the information requirements for KYC contradict consumer data privacy laws. Know-your-customer procedures involve gathering large chunks of data from an individual for AML and CFT purposes. GDPR and other consumer privacy laws restrict how organizations can collect this data.
Another issue arises when customers fill out several KYC forms for many different companies. The process is repetitive, and the same client information now rests within several organizations. These companies must ensure that their KYC data remains safe and protected from cyberattacks at all times.
Is There Conflict with Consumer Data Privacy and KYC?
At first glance, it may look as if KYC contradicts everything data privacy stands for, but it doesn't. Data protection and privacy laws don't prevent companies from conducting their due diligence when it comes to KYC. These regulations are here to establish the best practices on how to safely gather client data.
To meet obligations for AML and data privacy, firms must first understand where these regulations overlap. Adjusting policies to accommodate the other compliance regulation is key to covering all bases. Organisations must consider the following:
- Ensure the security and integrity of personal user data.
- All KYC personal data processing must have a documented legal basis before proceeding any further.
- Make sure consumers and corporate customers receive privacy notices for any changes to the law.
- Ensure that client records remain accurate and updated.
Compliance Helps Keep Everyone Safe
When it comes to cyberattacks and data breaches, we're only seeing the tip of the iceberg. The threats will only get bigger and more sophisticated, as advances in technology help both sides. Along with the growing menace of cybercrime come more severe penalties for companies that fail to comply.
If you have a business, don't delay the implementation of a rock-solid cybersecurity plan. The last thing you want is to be on the receiving end of a stiff fine from a data privacy regulator or to be charged with breaking AML or CFT laws. The news of failing will sting and hurt your stock, but a massive fine can bury you.