- It's not enough for companies to go through a digital transformation: They need to undergo an ethical one too, according to Renee Murphy, principal analyst at Forrester Research, speaking at the Forrester Privacy & Security summit in D.C. on Tuesday. Businesses need to work with product managers and marketers to understand what data is being collected, how it is being used and what the regulatory requirements are.
- Citing former FCC Chairman Tom Wheeler, Murphy noted it's about permission, not prohibition. Companies can collect and use data, but they need to get permission for it from data subjects and use it responsibly.
- The privacy paradigm needs to be shifted so that customers aren't just buying the cool, new gadgets where security is an afterthought. Customers need to ask for security up front, according to Mark Raimondi, national security spokesperson for the U.S. Department of Justice, speaking at the summit on Tuesday. "Privacy is not dead, but we're going to have to fight for it if we want it," said Laura Koetzle, VP and group director at Forrester Research.
The burden of security shouldn't fall on customers, but the pressure they exert on suppliers and vendors can make the difference between security being an afterthought and a foundation in products and services.
For brands relying on trust, security is an imperative. For example, when a store like Home Depot gets breached, customers are still going to shop there because they need the product selection, according to Vanessa Pegueros, VP and CISO at DocuSign, speaking at the Forrester event.
But if a breach happens at a company like DocuSign, which provides digital transaction, agreement and e-signature services, the erosion of customer trust can be hard to come back from. Word-of-mouth recommendations between peers depend greatly on that security and trust.
A clear set of information on what security measures a company has in place can help get current and new customers up to speed. DocuSign, for example, provides a trust and security packet that contains information on certifications, PCI attestations and penetration test results, among other things, Pegueros said.