After another up and down year of COVID, I’m looking forward to some holiday joy, and to some fun holiday shopping. Like many others since the start of the pandemic I’ll be doing a lot of that buying from home, online. And some of the hottest items on the list – from smart watches to picture frames – come with internet connectivity built in. All of this has me wondering about the data that will be collected about me or my family in the upcoming holiday season.
Many of the articles I found when searching for “online holiday shopping data privacy” put the responsibility on consumers, with reems of advice on what we should do to protect our data. But that’s actually harder for consumers than ever. Although a handful of state-level privacy regulations were passed this year, the lack of a consistent state by state consumer data privacy laws, or a US federal law like GDPR, makes it very challenging for consumers to understand what they’re agreeing to or what they might be giving up.
This means online retailers must step up. The flip side to the benefits of gathering data is the responsibility to keep it safe. Is your data privacy program ready for the holiday season? Is it naughty or nice?
Online holiday shopping is bigger than ever (and so is customer data collection)
COVID-19 threw a hitch into a lot of normal activities last year – from working from home to learning from home to watching movies from home. Sensing a trend? Holiday shopping was no exception. Before last year’s shopping season, a Deliotte survey showed 64% of respondents planned to spend their holiday shopping budgets online. For the first time, Cyber Monday surpassed Black Friday with 59% of respondents planning to shop on Cyber Monday versus 48% on Black Friday.
The trend continues this year with two-thirds (66%) of respondents to a leading customer data platform survey saying they buy online now more than they did before the pandemic. For the holidays this year, nearly half plan to combine in-store and online shopping, and more than one-third plan to use e-commerce exclusively.
This increase in online shopping has led to an increase in online shopping data – creating both a windfall and a responsibility for retailers.
Concern over customer data privacy hasn’t magically disappeared
COVID has convinced some consumers to overcome their distrust of online shopping – the Holiday Shopping ID Theft survey showed that 73% of those who avoided online shopping in the past say they have become more comfortable shopping online since the start of the pandemic. But 66% of surveyed still expressed concern about their financial or personal information being compromised due to a data breach while shopping this holiday season.
This concern is no surprise – even though most consumers are unaware of all the data gathered about them while online shopping, even just the leak of name, a credit card number, and address could lead to issues. On top of that, retailers collect info about what customers are buying, sites visited, products considered, browsing patterns, and more. Consumers say they value privacy over customized marketing, but as customized marketing continues to be effective for retailers, there are no signs of this slowing.
Ensure your customer data privacy program makes the “nice” list
It’s practically impossible for consumers to have a clear idea of all the data companies are gathering on them because it’s primarily behind the scenes, with a cookie notification popping up here and there. And let’s be honest, we all just click whatever it takes to make the pop up go away and get on with our shopping – just like we do with terms and conditions! Companies that value their customer relationships should take these steps to keep customer data as secure as this year’s secret Santa list:
- Know the data you’re gathering and storing: Responsible retailers need to find and classify all customer data, discover where sensitive data like credit card and social security numbers are stored, and be ready to prove to regulators they have that knowledge.
- See, understand, and document who is accessing that data in real time: Knowing about the data is just the first step. If you can’t see who is accessing it, how can you be sure it’s being used as it should be? Make sure you have a tool (like your own personal Elf on the Shelf) that reports back to you on data access and usage by user. This helps you understand what normal data usage looks like and quickly identify when users step out of line. Keep a tamper-proof record of this access to share with regulators as needed.
- Control access and mask sensitive data based on data governance policies: Implement a tool to control access and dynamically mask sensitive data so that only the allowed data goes to approved users at the right time, in line with the policies in place to comply with privacy regulations.
- Use risk-based thresholds to stop unapproved access: Once you have a clear view of who’s using what data, when and how much is needed to execute specific tasks (like emailing a discount for a hot holiday item), set up limits and thresholds to ensure sensitive data doesn’t get into the wrong hands. This confirms that only the data needed to carry out business objectives is shared and limits the potential risk of credentialed access data theft.
The hottest gift this holiday season? Customer data privacy
With so much being thrown at consumers over the last two years, the best gift retailers can give their customers this holiday season is to take one more worry off their plates: data privacy. Retailers need to ensure sensitive and private customer data is controlled and protected, keeping it safe, so consumers can just focus on finding the latest, coolest gadgets and spreading holiday cheer in a year when we need that more than ever.