For years, consumers had little control over their personal data. They had to share it with organizations to get goods and services, yet there were few protections in place. Today, attitudes are shifting. Privacy laws have been enacted in more than 130 countries, and consumers are more willing to act to protect their data and their privacy.
The Cisco 2022 Consumer Privacy Survey reveals that many consumers continue to be concerned about the safety of their data. And the double-blind survey of 2,600 consumers in 12 countries suggests that without transparency, many companies face an erosion in trust and brand loyalty.
In this interview, Robert Waitman, director at Cisco’s Privacy Office, shared his insights on what consumers need and how organizations should respond.
Thank you, Robert! How are consumer attitudes continuing to reflect — and drive — the elevation of data privacy from a check-the-box compliance requirement to a true business imperative?
Traditionally, privacy has been mainly about organizations having to comply with laws and regulations, but today, there’s so much more to it. Consumers have greater awareness, understanding, and concern about their personal data, and are taking a more active role in protecting it. Of course, they still have to rely heavily on the organizations they buy from and interact with to be responsible and accountable in protecting their data.
This matters a great deal to customers. Eighty-one percent of our survey respondents said that how an organization treats their personal data is indicative of the way the organization views them as a customer. And when it comes to building trust, the top thing consumers want from organizations is transparency. They want to know what data is captured, what it is used for, who has access to it, and so forth. They want to be confident in sharing their personal data or are willing to take their business elsewhere.
Privacy protections and transparency are also a very solid business investment. We saw in the Cisco Privacy Benchmark Report published earlier this year that privacy is a very attractive business investment, with the average organization getting $180 of value for every $100 they invest in privacy.
How does privacy influence consumer behavior?
The awareness and expectations that consumers have and the actions they are taking affect businesses economically, as consumers are making buying and loyalty decisions based on how they believe organizations are treating them and their data.
We see that 76 percent of respondents said that they won’t buy from an organization that they don’t trust with their data. That’s significant and impactful. It’s not something we would have even imagined a few years ago.
At the same time, one-third of consumers are what we call “Privacy Actives” — they care about privacy, are willing to spend time and money to protect their data, and most importantly, they have switched providers over the organizations’ data practices or policies.
What more should businesses be doing?
There are many activities organizations can do when it comes to using data responsibly. Based on this research, they need to do a better job when it comes to data transparency. How data is being used is such an important element of trust — even more important than some of the compliance issues. They not only need to have the processes in place to protect the data, they also need to be communicating that to their customers in accessible and easy-to-understand ways.
I think it’s something Cisco does very well with our Privacy Data Sheets and Data Maps. These tell our customers exactly how data is used in our products and services, who has access to it, and how long it’s kept. This kind of transparency should be a priority for all organizations around the world.
The study underscores the potential, but also the concerns, with AI.
Consumers see the value in AI, but many are concerned about the way organizations are using AI today. Consumers believe that AI has the potential to improve their lives, and more than half are even willing to share their anonymized personal data to help improve AI products and services.
But some AI applications use personal data for decision making that can adversely impact consumers, like getting a job interview or qualifying for a loan. One of the challenges is that AI algorithms can be particularly hard to explain or understand, so consumers are not getting as much transparency as they would like.
Sixty percent of our respondents said they were concerned about how AI is being used today, and 65 percent said they’ve already lost trust in some companies over their AI practices and use. That’s a concern for any organization that applies or uses AI technologies in their products or services, which is an increasing number of organizations.
How can companies build better trust with AI?
The good news is that companies can work to earn and build customer trust, even when using AI and automated decision-making. The respondents told us the best options would be giving customers the opportunity to opt out, establishing an AI ethics management program, and working to explain how the AI application makes its decisions. This is why it is so important to establish a responsible AI program that governs the organization’s processes, how it applies and uses AI in its products and services, and communicates that approach broadly. Cisco has done this with our Responsible AI Framework, and I think it’s a good model for other organizations to adopt as well.
[This blog offers more about Cisco’s responsible approach to governing AI.]
What do consumers say about privacy laws?
The majority of consumers want their governments to take the lead role when it comes to protecting personal data. While companies also have an important role to play, consumers value the oversight that government can provide. It is perhaps not surprising, then, that privacy laws continue to be seen extremely favorably around the world. Among survey respondents, 61 percent said their country’s privacy laws have had a positive impact compared to only 3 percent who said they’ve had a negative impact.
Consumers who are aware of the privacy laws are not only more likely to exercise privacy rights that help protect their data; they are also more confident that the data they share is safe. One ongoing challenge has been making individuals aware of these laws, as less than half of the respondents in this year’s survey know about their country’s privacy laws. Cisco and all organizations need to help raise the awareness of privacy laws, enabling our customers to do their part in helping to protect personal data.
Data localization — keeping data within a country’s borders — sparked some interesting responses.
Seventy-eight percent of respondents initially supported the idea of keeping data in their country or region, but if it adds costs to the products and services they buy, there’s a huge drop, to only 41 percent. In fact, in 9 of the 12 countries surveyed, more respondents were against data localization than in favor of it.
Requiring data to stay local may or may not be beneficial when it comes to security and privacy, but we do know it’s more costly. Results from the 2022 Cisco Privacy Benchmark Study show that 88 percent of organizations say that data localization is adding significant cost to their operations. This is an interesting area that we’ll continue to look at going forward.
How are Cisco’s efforts in the privacy space aligning with its core purpose of powering an inclusive future for everyone?
Protecting personal data is not only the law; it’s also about respecting all people and their rights. Interestingly, 81 percent of our survey respondents said that how a company treats their data is indicative of how they are viewed as a customer. So, in protecting their data, organizations are respecting the person. For us, it’s way more than just a legal or compliance practice, it’s a moral and ethical responsibility.
At Cisco, we view privacy as a fundamental human right. We see transparency, fairness, and accountability as keys to a responsible approach to data processing and protection. We’re focused at our core on safeguarding data, respecting the individual’s privacy, and serving the greater good — to power an inclusive future for all. And we invite other organizations to join us on this journey.
This page contains more information on cybersecurity awareness month.