Why you need to pay attention to data privacy (your longevity depends on it)

Friday, February 24, 2023

Editor's note: This article was updated on February 24, 2023, from its original publish date of May 17, 2022.

Businesses have never had more insight into their customers than they do today. Smartphones, social media accounts, search history and transaction data are powerful ways to understand customer behaviour and meet their needs. But with this power comes an important responsibility to protect that data—both for the customer's sake and your company's.

This responsibility will only grow as the digital world and daily life continue to overlap. That's why we think protecting customer data and privacy is one of the top three trends impacting businesses today, as discovered through research and interviews conducted for our 2022 Commerce and Payments Trends Report. Here's what every business should know.

Data privacy and regulations

What does it mean to ensure data privacy? It starts with properly handling, using and protecting sensitive data to meet both customer expectations and regulatory requirements.

You're probably up to speed when it comes to business data protection. But for customer data, the standard for protection may be even higher. Data privacy laws and regulations often have specific requirements for handling personal data—including payment information and other personally identifiable information (PII).

These rules determine how personal data can be collected, shared and used. And they outline the legal repercussions your business will face if personal data is stolen or improperly handled, shared or exploited. Familiarising yourself with the data privacy rules that apply to your business is key.

Why is data privacy important?

While data privacy concerns have been around for years, there are several market drivers bringing the issue to the forefront right now.

  • The proliferation of data: As new methods, platforms and applications emerge, businesses have to manage an increase in data sources along with a growth in the volume of data. With more customer data spread across more vendors, there are more opportunities for personal information to be exposed.
  • New government regulations: In addition to maintaining compliance with established data privacy regulations such as GDPR, GLBA and HIPAA, businesses need to keep up to speed with a host of new regulations that are expected to pass in the coming months.
    • In the US, the International Association of Privacy Professionals is currently tracking privacy legislation in 17 states. If passed, these states would join California, which already has privacy laws, and Virginia and Colorado, whose newly passed laws have yet to come into full force.
    • In Canada, the Canadian Consumer Privacy Protection Act would give consumers more control over how businesses can use their data.
    • Japan recently updated its Act on the Protection of Personal Information to apply to any business that transacts with individuals located in Japan—whether or not the company itself is based in Japan.
    • While not new, Europe's GDPR is one of the world's most comprehensive data privacy standards. GDPR gives consumers authority and control over how businesses process their personally identifiable information. Although it's an EU regulation, the GDPR can and often does extend to companies outside of the EU, depending upon their customers.
  • New customer preferences: According to a recent study, 68% of consumers believe that companies benefit more from using data than the customer does. As consumers become more aware of how data is collected and used, they may become more likely to distrust companies and limit the data they are willing to share.
  • New payments technology: The digitalisation of commerce drives payment innovation faster than ever. Customers are increasingly comfortable paying with a variety of new methods, including digital wallets, contactless payments, buy now pay later and other local payment methods. These new payment technologies present new data privacy considerations for businesses. And the way you protect data for one solution may not work for another.

Dara Steele-Belkin
EVP, Assistant General Counsel, Chief Privacy Officer at Global Payments

"There's definitely a tension between technology innovation that relies on the use of personal data and the direction of privacy regulations. This tension is not necessarily new, and it's certainly not going away, but it has intensified in recent years."

"Data privacy is very difficult. We have stratification of regulation across every jurisdiction. We have a different rule in every state. We have different rules in cities, in some cases. We have different rules in most countries. Not only do we have different rules, we have constantly changing rules." —Dara Steele-Belkin, SVP, assistant general counsel, chief privacy officer at Global Payments

It's time to make data privacy a priority

Without a doubt, now is the time to make your data privacy policies a top payment initiative. Start by familiarising yourself with the data privacy laws that apply to your business. This can be a significant undertaking, especially if you do business internationally. But it's not a one-and-done affair.

Regulations change frequently. Keep up to speed by holding quarterly reviews of the latest developments so you can update your data privacy policies in time to maintain compliance.

If you do suffer a customer data breach, the last thing you want to do is make up a response as you go along. Plan for the worst by having a written incident response plan so you can notify the proper authorities, investigate the incident swiftly, collect the right data, and take the correct remediation steps as quickly as possible. Data privacy laws where you do business should inform your response plan. GDPR, for example, requires that you notify the applicable regulator within 72 hours of a data breach.

Finally, take the time to embed data privacy into your payment strategy instead of bolting it on as an afterthought. Work with your payment provider to make sure they take security seriously, and that they integrate data privacy, security and protection into their solutions. Your payment provider should also be able to help guide you in your data privacy approach. But remember—data privacy is ultimately your responsibility. And as we've seen, the longevity of your business depends on getting it right.

Download our 2022 Commerce and Payment Trends Report to learn more about data privacy. And be sure to check out our 2023 Commerce and Payment Trends Report to learn more about 2023's emerging trends.