Handle with care

x Sponsored content on Research Live and in Impact magazine is editorially independent.
Find out more about advertising and sponsorship.

Stories about data privacy are rarely out of the news. Ever since The Guardian first published details of the US National Security Agency’s Prism scheme in June, there has been a steady drip-drip of new revelations about the extent to which government agencies are able to peer into the private conversations of internet users.

Add to that the outcries over lost personal data (the DVLA, for example), the frequent and often confusing changes made to social network privacy policies (Facebook in particular), and the instances where companies were found to be collecting more information than they had previously admitted to (Google’s Street View cars, for instance). It’s not hard to see why Paul Flatters thinks data privacy will be the next evolution of the corporate social responsibility (CSR) agenda.

Flatters is a trends forecaster and a co-founder of Trajectory Partnership. Part of his job involves tracking the ever-changing concerns of consumers – and this includes their perceptions of the way companies should behave. Flatters says there has been a notable shift in recent years away from concerns around climate change and environmental sustainability, which were common in the pre-recession era.

Since the downturn, he says, people have become much more pre-occupied with boardroom best practice. “Concerns about global warming have morphed into concerns about whether companies pay their taxes, how much they pay their top executives and what their bonuses are,” says Flatters.

But as the economy picks up again, we can expect demands for fair pay to evolve into demands for fair play in the way companies use personal data. “We do very strongly believe that how companies handle data will become a really central part of the corporate responsibility agenda,” says Flatters.

Evolving concerns

Like boardroom ethics and green issues, data privacy isn’t an issue that necessarily concerns everyone. Consider the public response to the Prism scandal, which was described as apathetic by Tom Smith, the CEO and founder of GlobalWebIndex. In a blog post shortly after the story broke, Smith noted that, while the media declared uproar and horror at the revelations, most people kept Googling, Facebooking and Skyping as usual.

Smith’s analysis is that concepts of privacy might be disappearing, particularly among the young. Certainly, social media has made younger people more comfortable with the concept of sharing details of their lives online: a GlobalWebIndex study found that 70% of 16-24 year-olds would happily publish a photo of themselves on a social platform, versus just 32% of people aged 55-64.

However, an August 2013 survey of teens by the Pew Research Center in the US found that 51% had avoided the use of certain mobile phone apps, and 46% had turned off location tracking features in their mobile phones and apps because of privacy concerns.

This kind of mixed response is to be expected, according to Flatters. “There’ll be those who are absolutely obsessed about how companies use their data, but equally there’ll be groups of people who don’t really care about it,” he says. But, crucially, this doesn’t preclude data privacy from becoming a CSR headache for firms.

“The concern around this – like all other CSR issues – won’t necessarily be driven by consumers. It might well be driven by the commentariat – the journalists who are concerned about it, and who write about it. It might not be whipped up by consumers – but you can bet that consumers will be made increasingly aware of how their data is being used,” he says.

Katherine Symonds-Moore is a corporate responsibility consultant who has previously worked in-house for The Coca-Cola Company and Tesco, helping to develop and deliver the latter’s Community Plan. Like the companies she works for, she reads the papers: she’s seeing the stories and she’s watching as the data privacy issue rises up the agenda.

“I think we’re at an interesting place with this issue because it’s something that companies haven’t necessarily known they needed to think about,” she says. “As a corporate responsibility professional, I work with businesses that are interested in policing themselves, and often do so to avoid regulation, so I think there’ll be a big wave now of organisations looking for the most responsible way to manage this.”

An open relationship

So what can companies do to get ahead of the issue? Being open about their data-handling practices is a good place to start, says Symonds-Moore. “An organisation serves itself well by telling consumers as honestly and directly as it can that this is what we stand for; this is what our values are and this is how we manage things.”

Transparency has been a cornerstone of the environmental agenda, she says, with companies setting targets and regularly updating consumers on their performance. “What we need now is a similar approach to the business-consumer relationship.

“Companies need to handle this stuff with a great deal of respect,” says Symonds-Moore. “People can be very anxious and fearful about what happens with their data. In a lot of cases, of course, it’s heavily anonymised and it isn’t used for any malevolent purpose – but it’s a company’s responsibility to give consumers that reassurance.”

The Market Research Society’s Fair Data scheme is one such attempt to get organisations to commit to a set of standards governing data handling. Members have to adhere to 10 core principles designed to reassure consumers that they will only collect data when they have consent to do so; that they will only use it for the purpose for which it was collected; and that they will be clear with customers about how data is used.

Jane Frost, the chief executive of MRS, said: “Public concern is at an all-time high and we are getting increasing numbers of complaints about data use. Fair Data is about fundamental respect for the people whose data we all rely on for commercial and public purposes, and about getting to the very basis of the right way information should be gathered.”

A “culture of respect for personal data” needs to become “part of the DNA of business”, Frost says. Otherwise a lack of respect could very well lead to a lack of data.