5 minute read

Why you need to pay attention to data privacy (your longevity depends on it)

Tuesday, May 17, 2022

5 minute read

Businesses can now use data to better understand and meet their customers' expectations thanks to smartphones, social media accounts, search history, and transaction data. While all this data is a treasure trove to leverage, it's also an important responsibility for a business to protect it.

As a result, protecting customer data and privacy is cited as one of the top three trends that will have the greatest impact on businesses, as discovered through research and interviews conducted for our 2022 Commerce and Payments Trends Report.

Data privacy and payments

Data privacy involves properly handling sensitive data and uses, which can include financial data, to meet customer expectations and regulatory requirements.

Your business is likely well-versed in data protection. But when it comes to personal data, the standard of protection may be even higher. Data privacy laws and regulations often have specific requirements for handling personal data, including payment information and other personally identifiable information (PII).

Not only do these rules govern how personal data is collected, shared, and used, but they also outline the legal repercussions your business will face if personal data is stolen, shared, or otherwise exploited in a manner not intended by the data subject.

Why is data privacy a top 2022 trend?

While data privacy concerns have been around for years, there are several market drivers bringing data privacy to the forefront. These drivers include:

  • New uses for data: Data analytics capabilities have made it possible to undertake sophisticated analysis of patterns and trends. This analysis can enable the personalization of the customer experiences, from marketing to making and authenticating the sale. Despite these upsides, collecting customer data can put your business at greater risk of violating personal data privacy rights.
  • The proliferation of data: It's not just data volume that continues to grow. Businesses also have to manage an increase in data sources. With more customer data spread across more vendors, the chance of personal information being exposed only continues to increase.
  • New government regulations: In addition to maintaining compliance with established data privacy regulations such as GDPR, GLBA, and HIPAA, a host of new regulations are expected to pass in the coming months.
    • In the US, the International Association of Privacy Professionals is currently tracking privacy legislation in 17 states to join California's privacy laws, along with newly passed laws in Virginia and Colorado that have yet to come into full force.
    • In Canada, the Canadian Consumer Privacy Protection Act would give consumers more control over how businesses can use their data.
    • In Asia Pacific, Japan recently updated its Act on the Protection of Personal Information to further extend its protections to Japanese consumers. It extends its coverage to any business that transacts with individuals located in Japan—whether or not the company itself is based in Japan.
    • In Europe, while not new, GDPR governs data privacy, and it's one of the most comprehensive data privacy standards in the world, giving consumers authority and control over how businesses process their personally identifiable information. Although it's an EU regulation, the GDPR can and often does extend to companies outside of the EU, depending upon their customers.
  • New customer preferences: According to a recent study, 68% of consumers believe that companies benefit more from using their data than they do. As consumers become more aware of how data is collected and used, they may become more likely to distrust companies and limit the data they are willing to share in the future.
  • New payments technology: The digitization of commerce is driving payment innovation ahead faster than ever before. Now customers no longer just use cash or credit cards to pay. They're comfortable paying with a variety of new methods, such as digital wallets, contactless payments, buy now pay later, and other local payment methods. These new payment technologies present new data privacy considerations to address, and how you protect data in one solution may not work in another.

"There's definitely a tension between technology innovation that relies on the use of personal data and the direction of privacy regulations. This tension is not necessarily new, and it's certainly not going away, but it has intensified in recent years."

Dara Steele-Belkin
EVP, Assistant General Counsel, Chief Privacy Officer at Global Payments

"There's definitely a tension between technology innovation that relies on the use of personal data and the direction of privacy regulations. This tension is not necessarily new, and it's certainly not going away, but it has intensified in recent years."

Dara Steele-Belkin
EVP, Assistant General Counsel, Chief Privacy Officer at Global Payments

What data privacy issues mean for you

Without a doubt, now is the time to make your data privacy policies a top payments initiative.

To get started, make sure you familiarize yourself with all the data privacy laws applicable to your business. This can be a significant undertaking in itself, especially if you do business internationally or with international customers. Even a company that only sells in one country may have to navigate a variety of local privacy laws.

In addition to reviewing data privacy laws now, make sure you consistently review legislative changes quarterly. This will allow you to update your data privacy policies in time to maintain compliance with the regulations in the countries and states where you do business. Some of the new laws, like the California Privacy Rights Act, provide data subjects with new rights regarding the use and maintenance of their personal information.

If you do suffer a customer data breach, the last thing you want to do is make up a response as you go along. Plan for the worst by having a written incident response plan so you can notify the proper authorities, investigate the incident swiftly, collect the right data, and take the correct remediation steps as quickly as possible. Data privacy laws where you do business should inform your response plan. GDPR, for example, requires that you notify the applicable regulator within 72 hours of a data breach.

Without a doubt, now is the time to make your data privacy policies a top payments initiative.Tweet Quote

Finally, take the time to incorporate data privacy into your payments strategy instead of bolting it on as an afterthought. Work with your payment provider to make sure they take security seriously and appropriately integrate data privacy, security, and protection into their solutions. They can also help guide you in your data privacy approach, but remember that data privacy is ultimately your responsibility.

Download our 2022 Payments and Commerce Trends Report to learn more about data privacy.

RECOMMENDED FOR YOU