DataBlogPost titleCase

Recent incidents where businesses have failed to respect and protect their customers’ data haven’t done much to build trust with consumers. Understandably, consumers are increasingly cautious about what they share and whom they share it with.

Does this mean that business will soon need to give up the insights they’ve gained from collecting and analyzing customer data? Hardly.

In this article, I’ll explain why this cautious attitude has less to do with data collection itself, and everything to do with how your data policy is written, enforced, and shared with your customers.

I’ll also share some specific advice for retailers and other consumer-facing businesses on how to use personal data in a way that creates a positive experience for everyone.

Consumers Have Every Reason To Be Cautious

First, let’s review some recent events that have given consumers plenty of reasons to be concerned:

Target. In 2013, hackers stole 11 gigabytes of data that contained names, mailing addresses, phone numbers, email addresses and even payment card data for up to 70 million Target customers. The breach later cost the retailer $18.5M in fines..

Equifax. In one of the highest profile security breaches ever, hackers stole data on over 140 million consumers – including Security Numbers, driver’s license numbers, and even credit card information.

Uber. From “God View” to “Greyball”, Uber has deployed a series of tactics that don’t exactly respect users’ privacy. While these aren’t security breaches, they certainly represent a breach of users’ trust.

Vizio. This television manufacturer collected the viewing habits of its customers (without their consent) and shared that data with third parties. It had to pay a $2.2M fine to the FTC as a result. Samsung even did something similar by listening to household conversations without letting users know about it.

Facebook and Cambridge Analytica. In case you missed this one, data analytics firm Cambridge Analytics acquired Facebook data without the direct consent of Facebook or its users. It then used this information to help influence 2016 presidential election in the U.S. Not surprisingly, Cambridge Analytica was suspended from Facebook and later filed for bankruptcy.

These are just a few examples. But even if they were the only ones, I would argue that they alone would be sufficient to warrant caution among consumers.

Consumers Will Punish You If You Lose Their Trust

Let’s take a closer look at the last example about Facebook and Cambridge Analytica. Yes, Cambridge Analytica is the party that’s primarily guilty. But consumers are also punishing Facebook for allowing this breach to happen in the first place.

According to privacy advocate DuckDuckGo, about 60% of Facebook’s adult users in the U.S. are likely to share less personal information with Facebook as a result of recent news about Cambridge Analytica.

Duck Duck Go Facebook audience chart

After the Facebook/Cambridge Analytica incident, a high percentage of adult Facebook users in the U.S. are less willing to share personal information with the social media giant. Source

The lesson? Even if you think your company itself isn’t doing anything irresponsible, that won’t let you off the hook. Your own data policy is just one piece of the puzzle.  If a partner, customer, or vendor misuses your customers’ data, you’ll still be held responsible. Be careful about who you do business with. Make sure that any third parties you work with have a data policy that is just as robust and well-enforced as yours is.

Here’s The Good News – The Right Data Policy Can Help Make Great Experiences

Do these recent developments mean that your own businesses will have a difficult time getting the data you need to better understand your customers? Not necessarily.

In fact, there are numerous examples of where LOTS of personal data is collected and consumer trust is preserved. Consider these examples:

Amazon Echo. Alexa is always listening. While Amazon doesn’t record conversations that aren’t directed to Alexa, having your speech constantly monitored still requires a high level of trust. However, consumers seem fine with this arrangement, if the product’s reviews are any indication.

Apple Touch ID and FaceID. Your fingerprint and facial structure are highly personal pieces of data. Once comprised, it would be difficult to amend the situation. Yet despite this, millions of iPhone users provide this data in order to make their phones easier to use.

Waze. This navigation app collects quite a bit more information on your whereabouts than similar apps. But doing so allows it adjust your routes in real time, provide smart suggestions based on your driving habits, and even help prevent accidents.

Mint. This personal finance tool asks for information on just about everything related to your finances: credit cards, bank accounts, mortgages, retirement accounts, and more. If this information was collected without your consent, you’d be infuriated. But with Mint, users hand over this data readily to get better insights on how to spend and save.

The 6 Pillars of Building Trust With Your Customers’ Data

As these examples make clear, the practice itself of collecting data about your customers isn’t what turns them away. Instead, it’s how you collect data and what you do with it that make all the difference.

While providing a benefit to users is an obvious principle to adopt, having a respectful and effective data policy goes far beyond that. Here are six pillars that will help your company create a data policy that benefits both you and your customers.

When building your data policy, keep these six pillars in mind. Legally compliant

You probably don’t need to be told this, but I’m including it here for the sake of completion. If your business doesn’t comply with local legal regulations for consumer data, then you’re going to run into issues. Even if you meet all the minimum legal requirements for your particular jurisdiction, it’s worth looking at other compliance regulations that are in effect in other parts of the world. For example, the recent GDPR regulation technically only applies to countries operating in the EU, but businesses operating in the US would be wise to follow suit.


Like being legally compliant, keeping your data secure is table stakes. If your customers’ data is stolen, then nothing else you do really matters. While an outline of data security best practices is outside the scope of this article, Iron Mountain and Yubico have some good resources to get your started.


Tell your customers know what data you’re collecting, how you collect it, and what you plan to do with it. You have little to gain by keeping this a secret. Someone will discover it anyway, and they won’t be kind when revealing your actions to the world.


When possible, give customers the opportunity to opt out of having their data collected. Some people just have a greater desire for privacy than others, and your business needs to respect that. If a customer changes their mind, make it easy to opt out and remove any data you’ve collected.


Communicating and acting on your data policy in a trustworthy manner is crucial. If you check all the right legal boxes but don’t have a consumer-friendly message, you’ll still lose trust. Here are a couple questions to consider… Is your privacy policy difficult to understand, or hidden in an obscure part of your website? Does your data policy sound like it was written by a team of lawyers, or a human being?


Your customers are presumably providing something of value to you by allowing you to collect their data. Make sure you reciprocate and provide at least as much value in return. And don’t be shy about letting your customers know how you have improved their experience. Letting them know that you’re trying to make their lives better will improve trust and their perception of your brand.

Treating Personal Data With Respect Is Good For You And Your Customers

With each passing year, there is more and more technology that helps businesses collect and analyze. Along with that come more opportunities than ever to improve the customer experience.

Unfortunately, when high-profile businesses fail to build and enforce a customer-centric data policy, it makes it difficult for everyone else to build and maintain trust. That doesn’t mean you shouldn’t try. A data policy that respects your customers is possible when done with the right motives and the right protocols.

As we’ve seen, consumers are more than willing to share their data in the right contexts. However, given the rising number of reasons consumers have for being cautious, adhering to the six principles above is more important than ever – as is working with vendors, customers, and partners who are equally committed to them.

Special thanks to Michel Falcon, Micah Solomon, Ian Golding, Jim Tincher, Adrian Swincoe, and Jeanne Bliss for their contributions and feedback on this article.