If you are planning to improve your web design to enhance your outdoor industry marketing, you should include a review of your company's customer data protection protocols. At a minimum, any outdoor industry brand who uses third-party service providers to maintain and host its digital marketing and e-Commerce should conduct a check-up with them regarding data protection protocols they use to insure they are up-to-date. You should schedule a check-up at least yearly and as your relationship and business grow with them perform a check-up more often.
If you have not done so, it could be costly in more ways then you may be aware; both to your brand image and the bottom line. Consider:
- "20% of US consumers believe they have been affected by data misuse."
- ".... nearly half the consumers we surveyed believe that companies are neither being honest about their use of data nor taking adequate steps to protect it."
- "71% to 79% of the surveyed consumers said they would be unlikely to share or let data about them be used by a company they did not trust."
- "In the US, customers who are aware of and concerned about a data misuse reduce their spending by about a third in the first year."
Do Your Customers Believe You?
The above are findings of a new 8,000 sample survey from the Boston Consulting Group (BGC).
Consumers do not make a decision that a company is handling their data privacy based on whether it is complying with legal and regulatory requirements (which change quicker these days than in previous). Consumers will render a judgment based on their perception of whether the company is using their data in a truthful and appropriate manner given their point-of-view of the purpose provided and in what manner provided. Lengthy legal agreements will not be a foundation for a defense. Unless your company sells a product that holds a monopolistic position with consumers, the findings indicate they will render a verdict with their pocketbook.
The BGC report (Bridging the Trust Gap: The Hidden Landmine in Big Data) succinctly lays out the challenge to company leaders by stating:
A similar finding bears note from Accenture Interactive in a study of consumers last year.
".... company leaders at the highest levels must develop new ways to manage and use data. Even organizations that use data for completely legal and fully disclosed reasons are on a collision course with their customers. The steps companies take now to assess and address this risk will confer significant, long-term, and sustainable competitive advantage...."
Your At-Risk Just Like Equifax and Yahoo
Besides the issues presented above, how you or your third-party providers protect your data from breaches and the plans have you in place to handle a data breach are also important considerations for your company's reputation among consumers. Although we hear and read more about the data breaches and cyber attacks on large companies, small and medium-sized companies, which predominantly make up the outdoor industry, are not immune. A survey of 600 leaders at small and medium-sized businesses made it clear, no business is immune to a cyber attack (55%) or data breach (50%) in the last twelve months.
- In the aftermath of these incidents, these companies spent on average close to $900,000 because of damage or theft of IT assets.
- In addition, disruption to normal operations cost close to $1 million.
Running a small to mid-size outdoor industry company involves assessing risks, making hard choices, rinsing and repeating as conditions change (check out the Fundamentals of Marketing for the Outdoor Industry). Some of the considerations to include in a cyber attack/data breach review include:
- Assess the overall risks in the cyber world you operate.
- Identify what data you collect, where you store it, what format is it in, how it is accessed, and how might it be misused.
- If you have third-party vendors who use your data to provide services, determine if they might be a link to access your data in a cyber attack.
- What regulations apply to your business regarding data security?
- Do you have an end-to-end incident response process?
Besides the laws and regulations that apply to you if you operate in the United States, you may need to make yourself aware of the same in foreign countries. For example, there’s a new regulation coming to the European Union in 2018, called the General Data Protection Regulation (GDPR for short). Even if you only have a one customer located in Europe, you will be affected. When it takes effect, it’ll be the most comprehensive data privacy law in the world, and it’ll impact how companies and their third-party data housing providers (even small ones) collect and handle personal data about their customers (If you want more information about GDPR, Shopify has published a good article on it).
This article was co-written with James H. Moss J.D., Recreation Law. Jim has been recognized as the "go to lawyer" by the Outdoor Recreation Industry. He has been known to don a toga at a show party and he learns from what he observes on the show floor. He was featured in the 35th-anniversary issue of Outdoor Retailer magazine.