Companies across the globe are facing growing challenges within the data privacy landscape, with more companies than ever facing unprecedented threats of data breaches, hackings, security issues, fraudulent activity and more.  

Australia alone has experienced over 2,784 disclosed cyber security breaches since 2021, with the ASCS stating that cybercrime is reported in Australia every 7 minutes ¹. 

Not only do data breaches cost businesses upwards of hundreds of millions in financial, brand or legal damages, but also have a grave and critical impact on customer trust. 

As data privacy concerns continue to grow, it is becoming increasingly important for businesses to ensure that their loyalty programs are secure and trustworthy. In this blog, we will explore the impact that data privacy breaches can have on customer loyalty, and how loyalty programs can help businesses build and strengthen customer trust. 

The overwhelming consequence of data privacy breaches

Data mistrust can have serious consequences for businesses, the most concerning often being financial damage, legal implications, and customer churn.  

According to a study by IBM, the global average cost of a data breach has increased 15% over the last 3 years with the average breach costing up to $4.45 million (USD) in 2023 ². Fines issued under GDPR regulation within the UK alone exceeded 220 million pounds in 2020 ³. This includes costs associated with investigating the breach, notifying customers, and implementing security measures to prevent future breaches. 

Research by EFTM suggests that Australian telecommunications giant ‘Optus’ will have lost approximately one-tenth of its customers who have switched due to its cyber incident in late 2022 ⁴, with 9.8 million customers affected and potentially up to $2 billion in settlement or remediation ⁵.  

Australian health insurer Medibank is also facing astronomical consequences with over 13,000 customers already churned ⁶. The bad news continues with media outlets releasing statements declaring that the 2022 data breach could cost the business upwards of $80 million by 2024 ⁷. 

In addition to financial and disengagement consequences, customers who have experienced a data breach are more likely to share their negative experiences with others, which can continue to damage the company’s reputation over an extended period of time.  

Furthermore, academic studies and research suggest that customers who do not trust a company or leave due to service-related issues, are not only less likely to make purchases from the company but are far more resistant to loyalty or win-back strategies in the future.  

This is because the decision to switch back to the firm was deemed as inherently risky due to a lack of trust that the firm would be able to deliver. In fact, customers who switched to a competitor due to service reasons were found to be more likely to be loyal or satisfied with the competitor, making it increasingly difficult to win them over. ⁸

What are customers saying?

Customers are becoming more vocal about their concerns regarding data privacy, with research suggesting that:

• 81% of consumers would stop engaging with a brand online following a data breach ⁹
• 79% of Americans are concerned about the way their personal data is being used by companies ¹⁰
• 65% reported that they had stopped buying from brands that customers felt behaved distrustfully ¹¹
• 54% believed that most companies do not use their data in a way that benefits them ¹¹

Customers want to know that their personal information is being protected and that they have control over how it is being used. Businesses that prioritise data privacy and are transparent about data collection and usage practices are more likely to earn the trust and loyalty of their customers.

Why businesses should act fast

End of Third-Party Cookies

Internet browsers Google, Safari, Firefox and others have all demonstrated intent to remove usage of third-party cookies by the end of 2024.¹²  

The end of third-party cookies can have a significant impact on businesses that rely on customer data for their marketing efforts. Without third-party cookies, it will become evidently challenging for businesses to track user behaviour across the web and target them with personalised ads. This could lead to a reduction in advertising effectiveness and a decrease in revenue for business.  

The global effort to strengthen data privacy laws

The overwhelming rise of cyber security breaches since COVID 19 along with customer outrage has quickly garnered government attention, with bodies across the globe implementing data privacy regulations in timeframes faster than businesses can typically adapt.  

European GDPR regulations are also setting the standard for data protection laws across the globe, becoming the model of influence for other countries looking to strengthen their data privacy laws.

In fact, from February 2021 to March 2023 seventeen new countries released new data privacy laws, bringing the total to 162 globally.¹³   

For example:

Indonesia officially implemented their first series of data protection legislation known as the Personal Data Protection Law (“PDPL”) in October 2022 with businesses been given a 2-year transition period to comply with this new regulation.¹⁴

Australia has also followed suit in 2023¹⁵, following an official 3-year review of the 1988 Privacy Act resulting in a shift towards: 

• Consumer access and erasure 
• Enhancing company obligations to consumers 
• Consumer rights to take companies to court in the event of a breach  

States across the USA have also achieved significant strides towards protecting customer data in 2023 with each regulation offering customers the right to access, delete, and opt out of data collection and storage. ¹⁶

• The California Privacy Rights Act (CPRA) effective January 1, 2023.  
• The Virginia Consumer Data Protection Act (VCDPA) effective January 1, 2023.  
• The Colorado Privacy Act (CPA) effective July 1, 2023.  
• The Connecticut Data Privacy Act (CTDPA) effective July 1, 2023. 
• The Utah Consumer Privacy Act (UCPA) effective December 31, 2023. 

These laws could potentially have devastating effects on the way businesses collect data, particularly with 81% of US customers stating that they believe the risk of companies collecting personal data outweigh the benefits¹⁰, and over 50% stating that they would get their personal information back from a company given the chance.¹⁷  

Overall, the trend towards stronger data privacy laws is clear, and the influence of the GDPR is evident in many of these new regulations. As cyber-attacks continue to pose a threat to individuals and organisations around the world, it is likely that even more countries will follow suit and adopt stronger data protection measures in the coming years. 

How can loyalty programs help

1. Customers want transparency
2. Customers want control
3. Customers want dialogue

Loyalty programs can play a crucial role in providing customers with more transparency over data collection by offering them greater control over their personal information. By collecting consent from customers to share their data, businesses can create a more transparent relationship with their customers.  

Loyalty programs can also incentivise customers to share personal data, enabling businesses to collect valuable insights and improve customer experiences. By offering rewards for data sharing, such as preferences or purchase history, businesses can tailor their marketing efforts and gain a better understanding of customer behaviour.  

This mutually beneficial relationship encourages customers to willingly share their data in exchange for rewards, while businesses can utilise the collected first-party data to personalise experiences and drive sales. First-party data, directly collected from customers, is particularly valuable as it is more accurate and reliable than third-party data. It offers insights into customer behaviour, preferences, and interests, allowing businesses to enhance customer experiences and optimise marketing strategies.  

Loyalty programs also facilitate direct dialogue between businesses and customers through channels such as email newsletters, social media, or in-app notifications. Educational messages can inform customers about data collection and usage, building trust and encouraging them to share their data willingly. Members will also feel a greater sense of trust if they feel heard and their needs are addressed e.g., through polls, surveys, quizzes and more.  

Creating a community through loyalty programs, such as online forums or exclusive events, fosters transparency and encourages customers to engage with each other and share their experience or data (e.g., reviews). Positive experiences and direct member involvement will go a long way towards building broader brand trust. Customers may feel more comfortable sharing their data if they know it will improve the overall community experience. 

In conclusion, data privacy is becoming increasingly important for businesses that offer loyalty programs. Data privacy breaches can have a significant financial impact on businesses and can lead to decreased customer trust and increased churn. By offering customers access to a loyalty program, businesses can better prioritise data privacy and implement transparent data collection and usage practices to drive increased customer trust and brand loyalty.  

References:

1. Australian Cyber Security Centre (2021). Annual Cyber Threat Report. [online] Available at: https://www.cyber.gov.au/sites/default/files/2023-03/ACSC-Annual-Cyber-Threat-Report-2022_0.pdf.‌
   ↩︎
2. IBM (2023). Cost of a Data Breach 2023. [online] IBM. Available at: https://www.ibm.com/reports/data-breach.‌
   ↩︎
3. Privacy Compliance Hub. (2021). Privacy and loss of customers. [online] Available at: https://www.privacycompliancehub.com/gdpr-resources/loss-of-customers-substantial-costs-and-a-damaged-reputation-find-out-why-privacy-compliance-should-be-top-of-your-priority-list/#:~:text=The%20impact%20of%20a%20breach.‌
   ↩︎
4. Priezkalns, E. (2022). Survey Says One-Tenth of Optus Customers Churned after Massive Data Breach. [online] Commsrisk. Available at: https://commsrisk.com/survey-says-one-tenth-of-optus-customers-churned-after-massive-data-breach/.‌
   ‌ ↩︎
5. Boyd, T. (2022). The Optus hack will cost millions (and not just in payouts). [online] Australian Financial Review. Available at: https://www.afr.com/chanticleer/the-optus-hack-will-cost-millions-and-not-just-in-payouts-20220923-p5bkkm.
   ↩︎
6. Muller, P. (2023). 13,000 customers out the door: The high price of churn when privacy data is violated. [online] DataBench. Available at: https://databench.com.au/200-new-verses-13000-out-the-door-the-high-price-of-customer-churn-when-privacy-data-is-violated/.
   ↩︎
7. iTnews. (n.d.). Data breach could cost Medibank $35 million in 2024. [online] Available at: https://www.itnews.com.au/news/data-breach-could-cost-medibank-35-million-in-2024-599566.‌
   ↩︎
8. Kumar, V. & Bhagwat, Yashoda & Zhang, Xi. (2015). Regaining “Lost” Customers: The Predictive Power of First-Lifetime Behavior, the Reason for Defection, and the Nature of the Win-Back Offer. Journal of Marketing. 79. 150504071532001. 10.1509/jm.14.0107.
   ↩︎
9. www.pingidentity.com. (n.d.). 2019 Consumer Survey: Data Misuse & Trust. [online] Available at: https://www.pingidentity.com/en/resources/content-library/misc/3464-2019-consumer-survey-trust-accountability.html#:~:text=Key%20Findings [Accessed 9 Oct. 2023].
   ‌ ↩︎
10. Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M. and Turner, E. (2019). Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. [online] Pew Research Center. Available at: https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/.
    ↩︎
11. Donegan, C. (2019). State of the Connected Customer Report Outlines Changing Standards for Customer Engagement. [online] Salesforce News. Available at: https://www.salesforce.com/news/stories/state-of-the-connected-customer-report-outlines-changing-standards-for-customer-engagement/.
      ↩︎
12. Harrison, S. (2021). Google’s Cookieless Delays, Time To Focus On Zero Party. [online] Loyalty & Reward Co. Available at: https://loyaltyrewardco.com/googles-cookieless-delays-time-to-focus-on-zero-party/ [Accessed 9 Oct. 2023].
    ‌ ↩︎
13. Greenleaf, G. (2023). Global Data Privacy Laws 2023: 162 National Laws and 20 Bills. SSRN Electronic Journal. doi:https://doi.org/10.2139/ssrn.4426146.
    ‌ ↩︎
14. https://fpf.org/. (n.d.). Indonesia’s Personal Data Protection Bill: Overview, Key Takeaways, and Context – Future of Privacy Forum. [online] Available at: https://fpf.org/blog/indonesias-personal-data-protection-bill-overview-key-takeaways-and-context/.
    ‌ ↩︎
15. Attorney-General’s Department. (2023). Privacy Act Review Report. [online] Available at: https://www.ag.gov.au/rights-and-protections/publications/privacy-act-review-report.
    ‌ ↩︎
16. iubenda. (n.d.). Privacy and Data Protection: What to Expect in 2023. [online] Available at: https://www.iubenda.com/en/help/109895-data-privacy-trends [Accessed 9 Oct. 2023].
    ‌ ↩︎
17. Consumer intelligence series: Protect – FIS. (n.d.). [online] Available at: https://www.fisglobal.com/-/media/fisglobal/worldpay/docs/insights/consumer-intelligence-series-protectme.pdf ↩︎