The pandemic altered the way many B2B2C manufacturers interact with customers. While the retail outlets that would typically distribute their products were closed, many manufacturing brands in consumer packaged goods (CPG), fashion, equipment, etc., realized the value of adopting a direct-to-consumer strategy.
These brands traditionally had limited interaction with the end consumer, as their model was to sell their product to a reseller. However, with resellers closed or operating at limited capacities, many manufacturers wisely built digital experiences to interface with, sell to, and collect data from their customers directly.
Data that was collected and owned by resellers or intermediaries suddenly became available directly to the manufacturers to learn from and capitalize on — opening new revenue streams by charging other entities for their data, using the information to cross- or upsell products or create a more frictionless experience for customers.
For example, a carmaker recently approached Thoughtworks with the question, "What tools can we arm salespeople with to provide the sales experience of the future?" In partnership, we built a platform that leveraged the carmaker's data to provide quicker access to information and sales tools, meaning greater customer satisfaction.
Risks of Data Collection
However, there are inherent risks in collecting consumer data — not only of hacking, malware, and data theft but also misusing the collected data that may damage one's brand or even create legal exposure.
While many think of malware and hacking as the greatest threat to organizations, a new "Looking Glass" trends report from Thoughtworks suggests organizations should be giving equal attention to avoid shooting themselves in the foot by incorrectly using consumer or employee data.
It finds that handling data and information in accordance with evolving regulations and changing expectations will be critical to having a competitive advantage and fostering customer loyalty. In fact, we believe the mishandling of consumer data could yield damages equal to or even greater than a hack.
Rather than reactive measures, enterprises should proactively create ethical frameworks to guide technology and data use. These frameworks establish a baseline of respect and security for customers, minimizing consumer harm. Customer privacy doesn't compromise business goals.
I encourage manufacturers to consider the following to keep data compliant, secure, ethical, and productive, while still working toward objectives:
- When it comes to data, what you don't do is as important as what you do. Since the big-data trend, firms often collect and store data without considering its necessity. Today's machine-learning algorithms also encourage a degree of data hoarding. But data must be recognized as a liability and an asset. Hackers can't steal what you don't collect, and a security snafu can't leak customer information that's not in your database. Think selectively about the data you need and the possible fallout if it is stolen or leaked. Managing less data is easier.
- Adopt decentralized security. As cyber threats evolve, previous methods are ineffective. There's no safe boundary or perimeter anymore. System design should enable risk management and security enforcement across the entire architecture, employing security-in-depth practices such as encrypted communications, segmented regions, granular authentication and authorization, and intelligent intrusion detection systems.
- Analyze the AI in security. AI capabilities are increasingly important in software applications. Organizations should leverage this to help security professionals identify and react to threats and predict attack vectors. While automation isn't a replacement for trained professionals, it can automate basic defenses, allowing focus on critical threats.
- Anticipate increased regulation. While we've flagged some of the most recent regulations to emerge in the privacy space, organizations should be prepared for more. Worldwide, there are a significant number of data protection laws already on the books, with more to come. Challenges will emerge as compliance grows more complex, especially for firms operating in multiple jurisdictions. When GDPR came into effect, many US-based news sites blocked Europeans from accessing their websites because of concerns about falling foul of a law they didn't understand.
- Build products with robust security and privacy practices. This requires commitment and strong leadership; security and privacy should be ingrained in the organization's culture. Teams shouldn't consider these aspects nice-to-have, optional, or postponable for cost-saving purposes. Leaders must set the tone that security is a priority for everyone. Data breaches often result from employees not changing passwords or ignoring alerts.
To adequately address privacy, I urge manufacturers to think differently about data. Specifically, they should prioritize well-thought-out governance measures that enable informed decision-making regarding data collection, access and usage. By appointing data owners, manufacturers could ensure data is handled responsibly and ethically. Having a strong governance framework holds a particular value for organizations in protecting privacy and user data.