Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Consumer privacy in retail

333 views

Published on

Retailers who are proactive with their approach to consumer privacy and retail cyber security will create more meaningful data and consumer engagement.

Published in: Retail
  • Be the first to comment

  • Be the first to like this

Consumer privacy in retail

  1. 1. Consumer privacy in retail: The next regulatory and competitive frontier
  2. 2. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 2 Retail is at an inflection point with consumer privacy. The industry, leaders included, should benefit by striving for a new standard
  3. 3. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 3 Consumers are becoming more privacy aware Some consumers are concerned about data privacy and want more control over data as they are aware of more data breaches Retailers should become data-wise and privacy conscious Some retailers struggle to develop privacy policies that align to business strategies, keep up with data proliferation, and deal with system complexity States are enacting new privacy regulations New regulations are coming as nearly half of US states are developing data policy legislation Consumers are increasingly aware of threats to their privacy and personal data; meanwhile, several states are introducing and enacting new privacy legislation
  4. 4. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 6 Individuals are attempting to manage significant “digital exhaust” that comes from all aspects of their lives Mostly user controlled Minimally user controlled Publicly- available information Information shared voluntarily Career Government issued IDs Politics Information from data breaches Online and social media activity Family details Basic internet profile Login credential Social security number Geo location data Credit score/ history General purchase history Device ownership Photos Friends/ colleagues Education history Personal identifiers Healthcare /insurance identifiers Financial history User account details Medical prescriptions Cross- site history System info Shopping preferences Payment processing data Legal records Customer service logs Third- party tracking Media preferences Home address Telephone call records Demo- graphic features
  5. 5. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 8 3 states have enacted dedicated privacy laws covering 42.5M Americans (13%) 19 other states are debating new privacy laws potentially covering 134M Americans (41%) The remaining states have traditional breach notification and security laws New privacy regulation coverage by U.S. population (327 million) FL NM DE MD TX OK KS NE SD NDMT WY CO UT ID AZ NV WA CA OR KY ME NY PA MI VT NH MA RI CT VA WV OH INIL NC TN SC ALMS AR LA MO IA MN WI NJ GA DC AK HI Enacted law Bill introduced and/or passed by House or Senate (includes “In Committee”) No dedicated consumer or data privacy action currently Dedicated privacy legislation by state7 Source: 7. Deloitte analysis of legislations related to privacy passed or enacted in 50 US states. New privacy regulations, either enacted or under consideration, will potentially cover 54% of American consumers with new protections and expose retailers to penalties
  6. 6. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 10 Consumer businesses may have historically had lower compliance costs than other major industries; however, privacy regulations will likely change that dynamic Financial services Healthcare Retail $30.9 million $19.0 million $11.5 million Average compliance cost by industry8 Regulatory compliance requirements most difficult to achieve9 90% 55% 50% 39% 33% 22% 18% 17% 11% General Data Protection Regulation Payment Card Industry Data Security Standard US state laws HIPAA/HiTech Sarbanes-Oxley Country-level regulations Federal cybersecurity directives New York State Department of Financial Services regulations Gramm-Leach-Bliley Act (GLBA) Source: 8 & 9. Ponemon Institute LLC – “The true cost of compliance with data protection regulations” (December 2017). Notes: HIPPA/HiTech refers to Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act. Consumer privacy laws, which are directly applicable to retail, are complex and challenging to implement 10
  7. 7. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 12 Retailers are in a challenging position: They are not highly trusted AND consumers hold them accountable to ensure privacy Most to least trusted businesses10 Accountability for ensuring consumer privacy in the retail industry11 (% of shoppers) Retailers 63% Federal government 41% Technology partners 27% Consumers 27% State government 23% Financial partners 20% Source: 10 & 11. Deloitte – Data Privacy Survey for US Consumers (N=2,000) Rank Sector % of respondents 1 Banks 63% 2 Hospitals 37% 3 Tax prep & legal services 37% 4 Credit reporting agencies 33% 5 Government 28% 6 Insurance 24% 7 Schools and universities 15% 8 Technology companies 11% 9 Nonprofits 10% 10 Airlines 8% 11 Restaurants 7% 12 Retailers 5% 13 Automotive 4% 14 Hotels 3% 15 Manufacturers 3% 16 Social media 3% 17 Print or broadcast media 2%
  8. 8. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 13 The disconnect between consumer perception and how retailers use the data fuels the trust deficit Source: Deloitte –Retail executive survey on US Consumer Data Privacy (N=201); Deloitte – Data Privacy Survey for US Consumers (N=2,000) believe data is being predominately used for targeted marketing, sharing with third parties or outright sold to third parties have an opportunity to engage consumers on how data is being used to improve in-store and online experiences, product selection, and efficiency of retail operations 27%28% 36% 41% 55% 68% 53%52% 49% 46% 27% 45% Increase efficiency of retail operations Improve product selection Improve in- store consumer services or experiences Improve online consumer services or experiences Share data with third-parties Target marketing Consumers Executives Data usage: Consumer and retailer perceptions Consumers Retailers
  9. 9. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 17 Source: Deloitte Retail executive survey on US Consumer Data Privacy (N=201) Based on Deloitte’s survey of retail executives, there are four major areas of focus when comparing and contrasting retailers’ privacy culture and privacy capabilities Deloitte surveyed 201 retail executives on data privacy to understand how retailers differentiate across a series of privacy tenets Data management • Enterprise views on what data needs to address and who needs to access it • Approach to determining how data needs to be managed and maintained Security and infrastructure • Approach to manage security for consumer and employee data • Focus on the infrastructure and cyber needs to protect data and manage third- party access or use of data Strategic alignment • Corporate governance structure and integration between privacy and business strategies • Internal environment and culture supporting privacy, empowering employees, and driving data ethics Consumer- centricity • Measures to elevate the consumer to managing their data and preferences • Policies developed to engage consumers and provide visibility into corporate actions, data collected, and use of data
  10. 10. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 18 Overall, performance of retailers varies notably across the four tenets and only a third of them (Leaders) manage to build capabilities and also nurture a culture of privacyPrivacycapabilities Developed a privacy culture Leaders’ privacy policy is well integrated into corporate strategy and privacy capabilities are optimized with focus on consumer-centricity Adopters (both Testers and Aspirers) are increasing their focus on privacy, however, have not yet fully embedded it across the organization Laggards have not elevated privacy and, as a result, it has not gained strategic or operational traction Methodology: Using retailer executive survey responses, we conducted cluster analysis to identify the key attributes differentiating retailers and were able to identify three distinct segments: ‘Leaders’, ‘Adopters’, and ‘Laggards.’ These groups exhibit statistically significant differences in their approach and performance around privacy related activities Source: Deloitte Retail executive survey on US Consumer Data Privacy (N=201)
  11. 11. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 19 There is a significant difference in how these clusters approach and manage privacy within their organizations Implement privacy through contracts and notices, with minimum processes, or even without full documentation Drive continuous improvement across key privacy areas, looking to optimize, and customizes approaches. Privacy is imbedded within the functions, often seen as a compliance or legal activity Privacy involves the C-suite with direction set at the top levels Internal operations and product selection Consumer-focused services and experiences (stores and digital) Security measures in place to protect the data Consumer rights and nature of data collected Laggards Leaders Across key aspects of privacy performance, ‘Leaders’ are over 10x more likely to have optimized capabilities and culture than ‘Laggards’ Approach Organization structure Top data uses Consumer communication Source: Deloitte Retail executive survey on US Consumer Data Privacy (N=201)
  12. 12. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 20 Purpose of consumer data collection optimally defined 7.6x Usage of consumer data collected optimally defined 39.0x Optimized privacy governance structure 5.6x Optimal integration of privacy with corporate or business unit strategy planning 10.5x Data retrieval made easy to get a holistic view of our customer 11.2x Data structured to limit access on a ‘need-only’ basis 3.5x Optimized data collection based on ‘data minimization’ 19.0x Optimized information security program to prevent violations 11.3x 5% 0% 7% 4% 5% 22% 2% 4% Leaders consistently outperform Laggards across crucial privacy areas; however, the industry should advance the standard 18% 15% 18% 20% 30% 38% 18% 21% 38% 39% 39% 42% 56% 77% 38% 45% Leaders trust-focused and consumer-centric Adopters testers and aspirers Laggards process-focused and tactical Leaders vs Laggards Strategic alignment Consumer- centricity Data management Security and infrastructure Source: Deloitte Retail executive survey on US Consumer Data Privacy (N=201)
  13. 13. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 24 With increased scrutiny on consumer and data privacy, there is a call to action to define a new standard that works for consumers and retailers 24 03 02 01Lead with consumer-centricity and consumer experience Treat data as an asset, someone should own and champion it Embrace privacy by design03 02 01 Work with leading trade associations to set the privacy standard Be transparent with consumers and regulators on source and uses of data Actively engage with state and federal lawmakers Internal External
  14. 14. Consumer privacy: The new regulatory frontierCopyright © 2019 Deloitte Development LLC. All rights reserved. 25 Retailers who focus on consumer privacy as a strategic growth driver are poised to create more meaningful data, enhance consumer engagement, and reduce risk exposure all while staying ahead of the evolution of privacy in consumer business
  15. 15. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States, and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. Copyright © 2019 Deloitte Development LLC. All rights reserved.

×