Data is the beating heart of a great customer experience strategy. As companies invest more in data collection and analysis to better anticipate customers’ needs and power generative AI tools, the importance of robust data protection is rising.
The volume of data breaches reached a record high last year amid rising privacy concerns. Surveys show that customers see data privacy as a top priority and many worry that companies prioritize profits over security.
CX leaders that collaborate across the enterprise to minimize data collection and dispose of old information properly can keep customers’ personal information safe while building trust.
A smart data security strategy starts with only gathering essential information, according to Saz Kanthasamy, principal researcher for the International Association of Privacy Professionals.
“If you don't have the data in the first place, you can’t get it wrong," Kanthasamy said. “If you don't collect it and you don't have it, it's not at risk of being breached.”
Leaders can determine the data they need by tying it to their goals — whether that's improving customer service or personalization, according to Brian Cantor, managing director of digital at Customer Management Practice.
For instance, a retailer can make a customer’s life easier and speed up the checkout process if they keep a customer’s credit card data on hand. But as it’s unlikely that medical information will prove useful, a retailer should not collect such data, Kanthasamy said.
Proper data disposal breeds trust
A proper data disposal strategy is a key layer of protection. The practice, combined with proper communication, can also revive lapsed customer relationships.
Some data only needs to be kept for so long. But even data that isn’t useful to a company can cause problems in a breach, according to Kanthasamy.
The data disposal process starts by knowing how long different kinds of collected data need to be retained, Kanthasamy said. Data that should be kept for a couple years can have very different security and disposal protocols compared to data that needs to be held indefinitely.
Leaders should also know where data is kept, whether on physical hard drives or in the cloud, according to Kanthasamy. Cloud providers often stipulate how information can be treated, which impacts its eventual disposal.
"It's about working through that process and making sure at the end of it, as an organization, you can say, ‘Actually, yes, we have deleted this data,’ and you can prove it,” Kanthasamy said.
Proper data disposal can build trust. A company can show that it takes security seriously by informing a customer that their data will soon be deleted, Cantor said.
Companies can also build trust with customers by giving them the option to save data. A retailer, for example, can ask a customer if they’d like to preserve their shipping information instead of filling it out from scratch next time.
“What you're essentially doing is you're providing that assurance of security, but you're also opening the door for renewing the relationship,” Cantor said. “If someone says, ‘Hold on, I may use you next month, I don't want to have my account deleted,’ you've now created a new opportunity to engage.”
Data protection is a team effort
Customer experience teams can’t keep data safe by themselves.
The concept of silos is “ultra-cliche in pretty much any business conversation,” according to Cantor. That doesn’t diminish the importance of cross-department collaboration between compliance, IT and CX in data security.
"When you have that many separate siloed parts, reacting to things and fixing things and eliminating breaches becomes far more difficult,” Cantor said.
The key stakeholders should come together to form an incident response plan, according to Kanthasamy. This process includes creating, testing and practicing potential data breach scenarios.
This helps leaders identify weak points and the proper responses to specific problems, Kanthasamy said. Some breaches might require all hands on deck, while others may only need a subset of stakeholders. Understanding each scenario ensures the right people react quickly.
Data disposal protocols need to be consistent across stakeholders as well, according to Cantor. Customer experience encompasses a range of roles, and different teams may be collecting different data for different reasons.
For instance, an inquiry collected through social media may be connected to a username rather than the customer’s actual name, Cantor noted. If social media data is stored separately, it may be retained after that person’s other information is deleted.
"Really make sure you know what your data expiration approach is and make that consistent across different teams and channels,” he said.
