As we enter the new decade, there's no doubt that privacy is becoming a hot topic for customers, companies and for governments across the world. The EU's General Data Protection Regulation (GDPR) set a new standard in 2018, and new privacy laws are emerging like spring flowers in all corners – in particular within the Asia-Pacific region.
There is evidence to show that privacy is becoming a significant element in the trust relationship that organisations have with their customers. For businesses in very competitive markets, the perception of a company’s privacy practices is starting to be a differentiator for consumers.
There is a very vocal dissatisfaction to some of the ways in which companies like Facebook and Google obtain consent and how they use customer data. Yet we all carry on using them, since “all my friends use them” or “it’s just much more convenient”. This is known as the “privacy paradox”.
However, surveys consistently show that individuals are increasingly concerned about how organisations use their data and are more inclined to exercise their rights to call out poor practice. Likewise, regulators understand that poor privacy practices undermine the trust that is essential to success of the digital economy, and are now starting to take on this problem. In 2018, Facebook was hit with a USD$5 billion penalty for unfair terms and conditions relating to privacy.
It’s clear that privacy is growing in importance for customers and regulators. Businesses must accept that privacy is part of their relationship with customers (whether B2C or B2B) and getting it right is key to maintaining good relationships.
The General Data Protection Regulation (GDPR) was a seismic event in 2018, introducing rights-based data protection that extended past the borders of the EU.
The US is struggling to work out if it needs a federal law or not, with California and other states rapidly seeking to bring in their own stricter rules.
The Office of the Australian Information Commissioner (OAIC) does not have such robust powers, but these may be coming shortly. In 2019, in response to reports by the Australian Competition and Consumer Commission (ACCC), the government suggested amendments to the Privacy Act to provide stronger protections for individuals and allow for fines of up to 10% of annual domestic turnover (GDPR allows for up to 4% of global turnover). It’s not currently clear when these changes may be implemented, but we should expect them in 2020/21.
A new Privacy Act is coming into force this year. While this won’t carry powers to impose fines of more than NZ$10,000, it does give the Privacy Commissioner new abilities to force changes in business practices if necessary. It will also introduce mandatory reporting of data security incidents in line with Australia for any cases that may lead to serious harm to individuals.
Stricter rules and heavier punishments are at the forefront of many of these changes. It is likely that specific guidance will be issued for big challenging issues, like AI or facial recognition.
Hopefully, all privacy regulation will eventually have global consistency, but for now we should get comfortable with finding some interoperability in a complex world. As such, it’s a good time to get your house in order to make sure your organisation is not in the firing line when regulators move to exert their new or expanding powers.
Flight Centre Travel Group is very much ready for the new decade when it comes to privacy. Our vision in Australia and New Zealand is to be the most trusted travel operator for our customers’ privacy. This means building on those foundations to ensure Flight Centre Travel Group’s culture supports a privacy-first approach.
In practice, we are ensuring all staff have regular, good quality training according to their roles. It means having a network of “privacy champions” to support our people and continuing to invest in the best data security across the business. All new initiatives will consider privacy right from the start with a privacy-by-design approach and a risk-based approach so that resources are used most effectively.
We’ll also be using our good privacy practices to add value to our customers and strengthen our relationship with them.There have been great efforts put in place over the past couple of years to establish a privacy risk and compliance framework that can effectively protect the data and privacy of our customers, and we will continue to build on that foundation.
As a privacy function, it is our job to create the change we want to see. Fortunately, we have support right across the business. Everyone from the board down knows how important privacy is to us as an organisation and to our customers.
Interested in growing at an organisation that’s leading the charge in customer privacy? Take a look at our latest job opportunities.