Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

10/9/2019
05:35 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Deloitte Consumer Privacy in Retail Survey: The Next Regulatory and Competitive Frontier

Retail is at an inflection point with consumer privacy; nearly half of consumers feel they have lost control of their data

New York, Oct. 9, 2019

Key takeaways

  • Today, more than ever, consumers are at a greater risk for a data breach; 1 in 3 Americans has been exposed to a data compromise.  
  • Nearly half of U.S. consumers (47%) feel they have little to no control of their personal data.
  • The vast majority (86%) of consumers believe they should be able to opt-out of the sale of their data
  • Consumers are willing to share their personal information in return for benefits to them, but retailers should walk a fine line not to betray consumers’ trust.

 

Why this matters for retailers and consumer facing companies

Deloitte’s “U.S. Consumer Data Privacy” study surveyed 2,000 consumers to gain insights into their concerns about data privacy and their expectations for retailers to protect it. Deloitte also surveyed 201 retail executives on data privacy to understand how retailers differentiate across a series of privacy tenets. Nearly 3 in 4 consumers (71%) are willing to share personal data if they receive better pricing, special discounts or exclusive offers. And consumers who are satisfied with privacy policies are more likely to be open or neutral about sharing personal data (73%), compared to those who are unsatisfied or unaware (57%).

Retailers should become data-wise and privacy conscious

Consumer privacy is at an inflection point in retail, with significant business, financial, and regulatory reasons for retailers to act now. Not only are consumers becoming increasingly aware of threats to their privacy, nearly half of U.S. states have introduced or enacted new privacy legislation, impacting 54% of the population. In California alone, the California Consumer Privacy Act introduces some of the most stringent regulations and the cost of noncompliance is too high to ignore.

Growing regulatory concerns

The survey found that 75% of retailers believe regulations will have a moderate to significant impact on their business. However, only 22% have optimally integrated their data privacy plan with corporate and business unit strategy planning. This misalignment could be a significant opportunity, considering 62% of retailers have more than 50 information systems (e.g., spreadsheets, customer relationship management systems, email, point-of-sale) holding consumer data in their organization, which increases the vulnerability of their data. 

Key quote

“While some retailers have moved the bar on data privacy, there is still a lot of work to do. The retail industry should advocate for a consumer privacy standard putting consumer centricity at the core and trust as the guide. Transparency with consumers about what you collect and how you use it can go a long way in developing trust.

Retailers who focus on consumer privacy as a strategic growth driver are poised to create more meaningful data, enhance consumer engagement and reduce exposure to risk, all while staying ahead of the evolution of privacy in consumer business.” -Rod Sides

vice chairman and U.S. leader, retail, wholesale and distribution, Deloitte Consulting LLP

 

Disconnect fuels the trust deficit

The disconnect between how consumers perceive retailers use their data, and how it is actually used fuels the trust deficit. More than two-thirds of consumers believe data is being predominantly used for targeted marketing and 55% of consumers believe retailers share data with third parties or sell it to outside buyers.

Retailers have an opportunity to build trust with consumers by openly sharing how data is used. For instance, retail executives noted that the top three uses of consumer data are: increasing operational efficiencies (53%), improving product selection (52%), enhancing in-store services or experiences (49%). 

Retailers should also be purposeful when collecting data from consumers. Consumers are wary of the “creep factor” — when they feel that retailers are using their personal information in a way that violates their expectations. While consumers are willing to share their information for something in return, they are holding retailers to a higher standard for the stewardship of their information and the level of trust they hold in those companies as a result.

Leaders are trust-focused, consumer centric

Amid the challenges evident in the consumer market, there are clear distinctions in performance and lessons to be learned in the way retailers approach privacy. According to the survey of retail executives, just 32% of retailers are classified as “leaders” in terms of privacy. Leaders are trust-focused and consumer-centric with privacy integrated into corporate strategy. “Laggards,” those who had not made privacy a priority, represented 27%. “Adopters,” whose organizations were working to increase the focus on privacy, but at varying focus levels, represented 41% of all retailers surveyed. Retail industry leaders can benefit from becoming data-wise and privacy conscious while striving for a new standard that addresses concerns from both consumers and regulators, the report notes.

Key quote

“With increased scrutiny on consumer and data privacy, there is a call to action to define a new standard that works for consumers and retailers. Future leaders in data privacy should adopt guiding principles that align across the entire organization as an essential part of their strategy, culture and operations. Retailers should work every day to connect with consumers in a way that builds trust, manages legal risk and enables their growth strategy.”

 

-Rob Goldberg

cyber risk leader, retail, wholesale and distribution, Deloitte & Touche LLP

 

Challenges to implementing an effective consumer data privacy program

Only 5% of consumers listed retailers among the top three businesses they trust with their personal data as compared to other industries. Further, 63% believe retailers are accountable for ensuring consumer privacy in the retail industry, more so than the government (50%), technology partners (27%) or even consumers themselves (27%). This challenge is compounded further by the disconnect between consumer perception and what information retailers collect or how they use it.

Additionally, retailers face specific strategy and capability challenges when designing and implementing a consumer privacy program. Inadequate data management within an organization (50%), inadequate technology tools for privacy management (45%), lack of sufficient funding (43%), and lack of clear government regulation (43%) rank among the key challenges faced by retailers.

For additional information, visit: http://www.deloitte.com/us/consumer-privacy. Connect with us on Twitter at @DeloitteCB or on LinkedIn @RodSides.

About the Center

Deloitte Insights Consumer Industry Center (the “Center”) provides a forum for innovation, thought leadership, groundbreaking research, and industry collaboration to help companies solve the most complex industry challenges.

 

Technology is changing at a rapid pace, and so are consumers. How will these changes impact the way our clients do business in the future? Deloitte Insights Consumer Industry Center (the Center) provides premiere insights based on primary research on the most prevalent issues facing the Consumer industry to help our clients run effectively and achieve superior business results.

 

The Center is your trusted source for information on leading trends and research that connect insights, issues, and solutions for Deloitte’s four Consumer sectors: Automotive, Consumer Products, Retail, Wholesale & Distribution and Transportation, Hospitality and Services.

 

About Deloitte

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 5,000 private and middle market companies. Our people work across the industry sectors that drive and shape today’s marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s more than 312,000 people worldwide make an impact that matters at www.deloitte.com.

 

Contacts

Anisha Sharma

Public Relations

Deloitte Services LP

+1 201 290 9119

[email protected] 

Courtney Smith

Public Relations

Deloitte Services LP

+1 571 882 5197

[email protected] 

 

 

 

 

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Dueling Free Throws A riff on the song Dueling Banjos
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.