Side view of a woman sat looking intently at her phone

Winning trust with an ethical Privacy Strategy

Consumer trust in digital services has taken a bit of beating over the past few years with a number of high-profile instances of data misuse by the likes of Amazon, WhatsApp, Google and others. Now more than ever it feels like transparent, ethical use of data can help businesses win over the trust of their customers.

What is a Privacy Strategy?

A Privacy Strategy can be adopted by an organisation of any size. If you’re a smaller business, it doesn’t have to be a complex network of operational and legislative policies and directives and expensive software. It can be as simple as merely recording the people, processes and technology you use to keep your company and customer data safe.

Everyone with a website should have a privacy policy, however, many only do so ‘because they have to’. Often the policies are wordy, complicated, unclear and require a law degree to digest – if you can stay awake long enough to get to the end of them. Long, perfectly drafted policies are great but not entirely helpful if they are not easy to understand. A Privacy Policy should be transparent, simple and easy for your customers to understand. They are an important part of a Privacy Strategy as they are available in the public domain for everyone to see.
The ICO provides a wealth of guidance on privacy. They want you to be clear in providing individuals with an understanding of how you are using their personal data, and whether any policies are being properly enforced. They encourage you to adopt a ‘plain language’ policy for any public documents so there can be no ambiguity. As a business you must anticipate any risks and potential security events before they occur and to have measures in place to limit harm to individuals.

What about cookies?

Cookies are a bone of contention for me personally. Right now they’re a win/lose proposition between website owner and visitor. I’d like to see a world where every consent banner that appears is telling you that they’re only collecting essential information and giving you an option to opt in to provide more, perhaps with some incentive for giving up your data?

You may need a certain amount of data to improve the efficiency of your websites or service offering, or to help with your marketing campaigns – that’s fair enough. One of the most important rules of GDPR is to collect only what you need and to keep it only as long as you need it. If you don’t need the information to provide a service or to meet an external regulation, don’t ask for it. After all, you can’t misuse or inadvertently disclose information that you don’t have.

In the Data Governance world we say there are two types of companies, those who have experienced a breach, and those who don’t know that they have experienced a breach.

Keeping your privacy options user centric and applying strong privacy defaults while giving something back to anyone that shares data with you, is an easy way to build and maintain that level of trust with your customers.

Jason Abrahamse

Jason is ITbuilder's security expert and leads our information security project team. He provides consultancy and support on matters relating to cyber-resilience and data protection.

Something of an industry veteran, Jason has held various roles in the industry and combines that expertise to consult with customers on security best practices.

Jason is a native of South Africa, but is now a fully naturalised Brit except for not being accustomed to the cold. He lives locally in Hertfordshire.

More articles from

Back to Blog