Brand image is a valuable -- and sometimes the most valuable -- asset for an organization. While brand value is created over the life of an organization, it only takes one event to destroy the brand's hard-earned reputation. While some of these risks are unavoidable, many others are within an organization's control.
One risk that an organization can manage is the way in which it deals with consumer privacy protection. Privacy matters have become a more significant factor in how a customer views a brand. Lack of attention to the protection of consumer privacy can lead to a breach in trust between the consumer and the organization. An erosion of trust can be a significant factor in destroying brand value.
Privacy protection matters have increased in importance for all businesses over the last decade through regulation, contract and consumer awareness. There has been an ever-expanding regulatory framework for the protection of consumer data.
States have become more involved in how data is protected and even more aggressive in requiring the protection and reporting of privacy and data breaches. For example, Massachusetts recently introduced regulations that require all businesses that have personal information about Massachusetts residents to implement comprehensive information security programs, including written policies and procedures, for the protection of personal information.
In recent years, the federal government has been pushing privacy protection requirements on an increasing number of industries, and businesses that process credit cards now find that they have to contractually agree to protect the credit card data. The Federal Trade Commission has recently stated that it would like to create national standards for the protection of personal data applicable to all private entities.
The Presidential Identity Theft Task Force directed the FTC to look deeper into identity theft issues. The FTC looked at the relationship between the use of Social Security Numbers (SSN) and identity theft. After studying the issue for more than a year, the FTC created the following list of future actions it would like to see Congress take that would apply to all private entities:
Improve customer authentication
Restrict the public display and transmission of SSNs
Implement national standards for data protection and breach notification
Stated FTC goals include limiting the availability of SSNs and making SSNs less valuable to criminals. The FTC is expected to bring these ideas before Congress for action sometime in the near future.
While the FTC wants to expand privacy protection requirements, your organization should not wait until the FTC acts. The consumer has already spoken. Protecting consumer data is not just about complying with laws and regulations, but also about protecting corporate images. Consumers have become increasingly aware of the possibility that their lives may be turned upside down by a criminal who has accessed their private data. Consumers also have heightened their expectations of the businesses with which they interact. They expect these businesses to handle their private data with a reasonable level of care that will protect them from the criminal elements. Any lack of attention to the protection of consumer data is sure to reflect poorly on a company's brand image and value.