Majority of UK businesses interviewed admit to selling customer data to other organisations/business partners. Less than half of UK consumers are willing to provide organisations with their personal data in exchange for free or less expensive services
CA Technologies (NASDAQ:CA) today revealed the results of an extensive global study of consumers, cybersecurity professionals and business executives about their views on digital trust.
Conducted by analyst firm Frost & Sullivan and sponsored by CA Technologies, the inaugural report, titled “Global State of Digital Trust Survey and Index 2018”, reveals that UK consumers have only a marginal degree of trust in organisations to protect their digital data. That level of trust is among the lowest of any country in Europe—indeed the world. Moreover, a perception gap exists between UK consumers and business: UK organisations believe consumer trust is significantly higher than the reality.
“This new study reveals a marked gap in perception on trust, as it relates to UK consumers’ expectations and the way organisations collect, store and use their digital information,” says Stephen Walsh, Sr Director, Security, CA Technologies. “Consumers are increasingly transacting online, providing businesses with access to vast amounts of data, and organisations are consequently processing and storing a growing amount of personally identifiable user data. If businesses don’t do their due diligence to protect consumer data from getting into the wrong hands, trust can be fleeting, which can negatively impact the bottom line.”
The Digital Trust Index
Frost & Sullivan calculates the Digital Trust Index based on a number of different metrics that measure key factors around the concept of digital trust, including how willing consumers are to share personal data with organisations, how well they think organisations protect that data and the extent to which consumers believe companies sell their personal data to other companies. The result is a sliding scale where a 1 represents “no trust” and 100 is “total trust.”
UK responses to the survey reveal that the Digital Trust Index for 2018 is 56 points out of 100 in the UK, lower than in France (58) and Italy (57), but above Germany (54). It is also markedly lower than the 61 Index global average score. These scores indicate only marginal faith by UK consumers in the ability or desire of organisations to fully protect user data.
By contrast, UK cybersecurity professionals and business executives score an average of 73 on the Digital Trust Index – a perception gap of 17 points – signifying mismatched perceptions among these audiences in a measurement of perceived consumer trust versus actual consumer trust.
Key highlights from the study
The study reveals other interesting attitudes and perceptions among UK consumers and organisations with regards to digital data protection.
- Less than half of UK consumers (46 percent) are willing to provide organisations with their personal data in exchange for free or less expensive services.
- The majority of UK organisations (56 percent) admit to using consumer data internally, including personally identifiable information (PII). And 47 percent of UK business executives admit their organisation sells consumer data (including PII) to other organisations/business partners. However, only 33 percent of UK cybersecurity professionals stated they knew that their company was selling this data.
- An overwhelming majority (83 percent) of UK consumers prefer security over convenience during the transaction authentication process. However, UK organisations see it differently: only 60 percent of cybersecurity professionals and 59 percent of business executives place security ahead of convenience.
- The vast majority (88 percent) of UK business executives claim that they are “excellent/very good” at protecting consumer data, showing a high level of self-confidence, despite the fact that the majority (56 percent) of UK business executives admitted that their organisation had been involved in a publicly disclosed consumer data breach. Moreover, 44 percent claim that data breach occurred within the last year.
- Some 29 percent of UK consumers report that they currently use the services of organisations that were involved in a publicly disclosed data breach. Of these, 32 percent have stopped using the services of an organisation because of a breach.
- More transparency on data protection policies is required: 64 percent of UK consumers and 89 percent of UK organisations agree that providing consumers with easy to understand information about data protection policies increases consumer trust. However, only one third (32 percent) of UK consumers claim to receive this information, although 85 percent of organisations claim they provide it.
Amidst a continuous stream of headlines about major data breaches in enterprise and government agencies, the degree to which UK consumers have placed their trust in organisations to protect their PII online has never been more relevant.
The study results point to a significant gap between how UK organisations view their responsibilities on data stewardship and consumer expectations around how organisations protect consumer data. In the application economy where data is king, organisations must prioritise data privacy and security or risk serious ramifications. Organisations can mitigate these risks by taking a proactive stance on security, such as narrowing their policies for sharing user data, reducing privileged user access, implementing continuous user authentication technologies, and adopting better cybersecurity and privacy controls to stop hackers.
“We are at a crossroads in the information age as more companies are being pulled into the spotlight for failing to protect the data they hold. With this research, we sought to understand how consumers feel about putting data in organisations’ hands and how those organisations view their duty of care to protect that data,” says Jarad Carleton, industry principal, Cybersecurity at Frost & Sullivan. “What the survey found is that there is certainly a price to pay – whether you’re a consumer or you run a business that handles consumer data – when it comes to maintaining data privacy. Respect for consumer privacy must become an ethical pillar for any business that collects user data.”
“To build more trusted consumer relationships, businesses need to work harder at protecting data against abuse from external and internal sources,” Stephen Walsh comments. “They need to understand that success in the digital economy requires a security-first mindset – a key tenet in our Modern Software Factory model. A loss of digital trust has implications on all aspects of a business and brand perception.”
For full survey methodology details, see the report “Global State of Digital Trust Survey and Index 2018.”
The global online survey of 990 consumers, 336 security professionals and 324 business executives across 10 countries was sponsored by CA Technologies and conducted by Frost & Sullivan in March and April 2018. It included 598 respondents in Europe, from the U.K., France, Germany, and Italy. The survey’s respondents assume senior business and IT positions at public and private enterprises across nine industry sectors.
UK versus Australia – data regulation on both sides of the world
By Guy Hanson, VP, Customer Engagement, Validity
While consumer data privacy continues to be a hotly debated topic and many regions are still grappling with how to effectively regulate this area, companies are fast realising that there’s much to be gained by adopting stricter data practices, regardless of whether they’re required to by law or not.
In regions that have introduced strong data regulations, like GDPR in the EU, companies have demonstrated improved results from their digital marketing programs, including increased customer engagement, higher consumer trust, and greater return on investment. In fact, for marketers everywhere, GDPR has been an unlikely lesson in the commercial benefits of giving consumers greater control over their personal data. Marketers appear to be relishing the benefits that tighter regulation has provided, and in the DMA’s “Data Privacy: An Industry Perspective” report, almost 60% said they would like to see “more strict” data protection policy in the UK.
GDPR – from villain to hero
When GDPR came into force in May 2018, organisations across Europe were concerned about how they could continue to operate successfully under the tighter regulations. Many were worried that their marketing programs were going to be severely set back at the hands of the new laws.
A common concern for digital marketers in particular was their valuable email contact lists. GDPR enforces a requirement for subscribers to opt into email marketing correspondence. If they do not, the assumption is that they opt-out. Due to this, marketers had to choose whether to use “consent” or “legitimate interest” as their legal basis for processing personal data. Legitimate interest tended to be used when a customer relationship already existed, but it was where consent was relied upon that we saw many marketers having to chop away at sizeable email lists built up over many years. This is because consent had to be refreshed if the previous permission model had not met GDPR standards, for example a pre-checked box, and this resulted in many marketers effectively starting their lists from scratch.
However, despite their initial concerns, just one year after GDPR was introduced, businesses saw email marketing initiatives receive a host of benefits. The DMA’s Data Privacy report found that GDPR offered broader business benefits with almost half (49%) of marketers stating that consumer trust in the handling of their data had improved as well as nearly a quarter (22%) saying customer relationships had been bolstered.
On top of this, the DMA’s Marketer Email Tracker report noted an uplift against all major KPIs: increased deliverability (67% of respondents), open rates (74%), click-through rates (75%) and conversion rates (67%). Negative metrics that marketers want to avoid also reduced. Opt-outs and spam complaints were down by 41% and 55% respectively. This is hugely important as improved deliverability and lower complaints means companies have an in-built advantage when it comes to getting in front of their consumers.
The global legacy of GDPR
In many ways, GDPR has provided the blueprint for global data privacy regulations and many other countries and regions have either introduced (or are on their way to implementing) their own version of the tighter regulations. For example, the California Consumer Privacy Act (CCPA) is now in effect in the US. Despite some delays, Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) is now live.
Even in regions where new regulations haven’t been introduced, the influence of GDPR is still being felt — with many companies in these locations choosing to be proactive in protecting customers’ personal data regardless. A great example of this is Australia.
Australia – an exemplar of data privacy awareness
Compared to other parts of the world like the EU, Australia has long had a more relaxed approach to data privacy. Its current privacy laws date back to the 1988 Privacy Act and have remained largely unchanged since then (outside of some specific legislation such as the Spam Act 2003). While the Australian Government is set to conduct a review of the Privacy Act — including a potential right for consumers to have personal information erased as is the case under GDPR — this won’t happen for several years
But despite having more relaxed regulations, many Australian companies choose to adopt strict data governance protocols. In fact, when it comes to ethical data practices, Australia is very much ahead of the curve without being legislated to do so.
The increase in the adoption of ethical data practices from companies in regions like Australia, where laws are less stringent, is indicative of growing global awareness around the commercial benefits of strong data governance.
By respecting privacy and using data thoughtfully, Australia has gained from one of the highest deliverability rates outside of Europe and Canada according to Validity’s 2020 Email Deliverability Benchmark report. Companies engender consumer trust and loyalty — the modern-day currency of business – and this has never been more critical than in recent times with the disruption caused by the global pandemic.
Building trust in an uncertain world
With a large chunk of the world now working, socialising, and conducting everyday life online, consumers need extra assurance that the products and services they access take their privacy and personal data seriously. A recent report by Cheetah Digital found that in light of privacy breaches, many consumers are changing their online behaviour including installing ad blocking tech, disabling location tracking, and deleting cookies regularly. At a time when there have never been more online options for consumers, losing their trust quickly results in lost revenue.
Despite what some may think, adhering to good data governance does not mean sacrificing valuable insights and innovation. As demonstrated by GDPR, implementing more thorough data practices results in greater engagement and more accurate customer insights which in turn helps businesses to innovate faster. This is why more and more companies are proactively adopting stricter data policies, regardless of their region’s regulations.
Furlough Fraud: genuine mistake or cheating the system?
As the furlough scheme comes to an end, many employers will be at risk of falling foul of its stringent and complex rules and potentially facing penalties for ‘furlough fraud’, but with the 20 October amnesty introduced by HMRC, companies that have made genuine mistakes have a chance to rectify them without being penalised. Walker Morris’ Gwendoline Davies, Head of Commercial Dispute Resolution, and Andrew Northage, Partner in the Regulatory & Compliance team, share the facts businesses need to know ahead of the deadline.
The furlough scheme – designed to support businesses who are unable to pay the salaries of their full workforce during the coronavirus pandemic – is set to come to an end this month and thousands of businesses have come under investigation by HMRC for falsely or mistakenly claiming whilst employees have been working as normal, part-time, or ‘volunteering’ their time.
According to research by legal rights app Lawya[i] in June, one in three furloughed workers were pressured by their employers to continue working for them and this ranged from being asked to check emails, to attending their physical workplace and, being pressured to ‘volunteer’ their time. In July, the Policy Exchange think tank warned that furlough fraud – whether genuine mistakes or wilful deception – could cost the exchequer between £1.3bn and £7.9bn[ii]. According to HMRC last month, the rate of fraud and error with regards to the furlough scheme currently sits between five and ten per cent and could total £3.5b[iii]; the tax body is currently investigating thousands of claims made via its hotline by whistle-blowers.
Furlough fraud in corporates – where organisations have claimed furlough monies, whilst still having employees working in some shape or form – is a big focus for HMRC right now, though it will unlikely have the capacity to fully investigate every suspected instance. There is a possibility that some organisations have been doing this as a firmwide activity, but it’s also possible that there have been rogue departments within companies that have been wrongly claiming grants under the radar, which – if uncovered by a whistle-blower – can lead to the company coming under investigation for fraud, particularly if it is suspected by HMRC as a “high risk” case.
Although a number of companies will have been deliberately fraudulent in claiming under the Coronavirus Job Retention Scheme, the complexities of the rules and guidelines mean that many employers will have simply made mistakes throughout this period, including simple admin errors like miscalculating hourly pay or mistakes in relation to holiday periods. Nevertheless, businesses that have wrongly claimed – even if accidentally – must notify HMRC within a 90-day window of receiving the grant and ahead of the 20 October amnesty or else risk a penalty charge. If these businesses report to HMRC under the amnesty, they will have to repay their funds, however, businesses that have made genuine mistakes will not be penalised in the long run. In the hope that employers will confess to overpayments sooner rather than risk a full investigation further down the line, HMRC says it has made the process of repaying the wrongly claimed money ‘as easy as possible’[iv]. Those who have committed fraud wilfully on the other hand, face prosecution and penalties and have little defence.
The amnesty has been introduced so businesses that recognise they have done something wrong throughout the duration of the furlough scheme can come forward to declare their errors so as to avoid criminal investigation and being treated as fraudulent, even if they have made a mistake.
In addition, if a company is found guilty of furlough fraud this could give rise to a penalty of up to 100% if the error was deliberate and concealed. The business will also face reputational damage, therefore, it is important that companies carry out a self-audit and notify HMRC as soon as possible and before the 20 October amnesty. HMRC does recognise that the furlough scheme is a new and unfamiliar system where human error is bound to result in some cases of mistakenly claimed funds and that these instances do not mean companies have sought to defraud the government. As with any disclosure to HMRC, a full and early disclosure[v] of mistakenly claiming money from the furlough grant will influence the amount of penalty the regulatory body seeks in the investigation.
Companies now have only a few days to admit their mistake to HMRC and, although HR departments and company directors should carry out a full audit themselves to identify mistakes, seeking professional legal advice is recommended as soon as companies spot any irregularities. If a company suspects a significant mistake has been made following a self-audit, engaging with a legal team has the advantage of obtaining expert guidance in this complex area from legal experts who will not only be able to identify problems much faster, but they will suggest the best ways to navigate the issue whilst at the same time as ensuring communications are protected by legal privilege.
Company directors have a wide range of responsibilities under statute, regulation and the common law. With mistakes made regarding claiming furlough monies, directors should ensure that they understand the risks and implications by talking to a specialist quickly – it is crucial to involve lawyers and other professionals early to ensure that companies understand their duties and risk of liability. Otherwise, directors could even be at risk of being subject to criminal action and disqualification proceedings. Though companies that have made genuine mistakes will be faced with understanding when reporting to HMRC in light of the complexities of the scheme, legal representation is advised to ensure employers are aware of their rights and assist HMRC in their investigation, but without inadvertently making costly admissions and harming their own defence.
If your organisation is under investigation by a regulatory authority in connection with an alleged fraud, Walker Morris can advise you at every stage of the process. For information on how Walker Morris can advise your business, get in touch with the team – Gwendoline Davies, Andrew Northage and Gawain Moore:
E-money platform Contis partners with UK fintech startup Ordo on instant payments
Leading European payments provider, Contis, is excited to announce a new partnership with UK fintech startup Ordo.
Contis is powering the fintech revolution, helping businesses unleash their true potential with award-winning real-time payment solutions. Contis puts next generation accounts, cards and apps in the hands of their customers.
Ordo is also helping businesses and organisations unleash their potential with technology that makes getting paid easy. With smart, secure and automatic bank transfers, it’s one of the safest and fastest ways of managing finances between people. It also takes the hassle out of requesting and tracking business payments with immediate money transfer and automatic invoice reconciliation.
This partnership will soon make loading accounts quicker and simpler for Contis’ end-customers. With the potential to benefit over 800,000 accounts, it’ll also simplify loan repayments, fund transfers between contacts and even splitting bills between friends.
Contis is a Principal member of Visa, providing B2B issuing and processing through its wholly owned, cloud-based technology. Everyone’s needs are unique. That’s why Contis’ end-to-end platform and alternative payments technology enables every company to build their own bespoke solution. Partnering with Ordo brings additional choice and functionality for businesses and their customers.
Peter Cox, CEO and Founder at Contis, said: “We’re delighted to partner with Ordo to bring instant remittances and automatic reconciliation to businesses and account holders alike. At a time when finances are tight for many, the benefits of quick and secure digital money transfer are especially welcome.
This is the latest in a long run of Contis innovations and updates, recently including Buffer ‘secondary authorisation’ technology and international payments with Currencycloud. We pride ourselves on offering a frictionless experience to our clients and their customers. Integrating Ordo’s exciting tech has the potential to enhance payments capabilities for over 800,000 accounts and counting!”
Craig Tillotson, CEO at Ordo, said: “Our partnership with Contis means that even more businesses and their end customers can quickly start to benefit from Ordo’s revolutionary Open Banking enabled Request for Payment service, lowering costs, improving efficiency, and delivering simpler and safer payments for end customers. The shared desire of our two teams to use technology and service innovation to deliver real benefits to our clients and the complementary nature of our businesses made it an easy decision to partner with Contis and add Ordo into their end-to-end platform.”
How Siloed Data Leaves Financial Institutions Open to Fraud
By Stephanie Lapierre, CEO Tealbook Reducing the risk of fraud is a top priority for all financial institutions since fraud...
Dealing with the loneliness crisis with assistive technology
By Karen Dolva, CEO and Co-Founder of NoIsolation Humans are social beings, and for most children, school will be their...
Round Table Feature – Attracting FDI at times of crisis
In recent years the growth of Northern Ireland’s financial services sector has been fuelled by an unbeatable combination of world-class...
UK versus Australia – data regulation on both sides of the world
By Guy Hanson, VP, Customer Engagement, Validity While consumer data privacy continues to be a hotly debated topic and many...
COVID-19 is changing people’s preferences when it comes to BTL investments
By Jamie Johnson, CEO of FJP Investment Throughout 2020, investors have had to navigate increasingly treacherous and volatile market conditions...
Three things to help fintech unicorns grow profitability
By Kash Amini, CEO and Founder of MasLife The new breed of fintech companies is missing a trick with a...
How banks can take on Google in the race for AI talent
By Nicola Sullivan, solutions director at candidate engagement tech firm Meet & Engage The events of 2020 have made the...
Furlough Fraud: genuine mistake or cheating the system?
As the furlough scheme comes to an end, many employers will be at risk of falling foul of its stringent...
Five features that decrease the value of your home
When you’re preparing to sell your house or flat you might think of various steps you could take that might...
Regulatory overlaps cause conflicts, confusion and complexity: is collaboration the answer?
By Rob Fulcher, Head of Business – Americas, CUBE Global Regulatory overlaps are an ongoing, perplexing and often time-consuming anomaly....