Deloitte Consumer Privacy in Retail Survey: The Next Regulatory and Competitive Frontier

Staff Report

Thursday, October 10th, 2019

Why this matters for retailers and consumer facing companies
Deloitte's "U.S. Consumer Data Privacy" study surveyed 2,000 consumers to gain insights into their concerns about data privacy and their expectations for retailers to protect it. Deloitte also surveyed 201 retail executives on data privacy to understand how retailers differentiate across a series of privacy tenets. Nearly 3 in 4 consumers (71%) are willing to share personal data if they receive better pricing, special discounts or exclusive offers. And consumers who are satisfied with privacy policies are more likely to be open or neutral about sharing personal data (73%), compared to those who are unsatisfied or unaware (57%).

Retailers should become data-wise and privacy conscious
Consumer privacy is at an inflection point in retail, with significant business, financial, and regulatory reasons for retailers to act now. Not only are consumers becoming increasingly aware of threats to their privacy, nearly half of U.S. states have introduced or enacted new privacy legislation, impacting 54% of the population. In California alone, the California Consumer Privacy Act introduces some of the most stringent regulations and the cost of noncompliance is too high to ignore.

Growing regulatory concerns
The survey found that 75% of retailers believe regulations will have a moderate to significant impact on their business. However, only 22% have optimally integrated their data privacy plan with corporate and business unit strategy planning. This misalignment could be a significant opportunity, considering 62% of retailers have more than 50 information systems (e.g., spreadsheets, customer relationship management systems, email, point-of-sale) holding consumer data in their organization, which increases the vulnerability of their data.

Key quote
"While some retailers have moved the bar on data privacy, there is still a lot of work to do. The retail industry should advocate for a consumer privacy standard putting consumer centricity at the core and trust as the guide. Transparency with consumers about what you collect and how you use it can go a long way in developing trust.

Retailers who focus on consumer privacy as a strategic growth driver are poised to create more meaningful data, enhance consumer engagement and reduce exposure to risk, all while staying ahead of the evolution of privacy in consumer business." 

-Rod Sides 
vice chairman and U.S. leader, retail, wholesale and distribution, Deloitte Consulting LLP

Disconnect fuels the trust deficit
The disconnect between how consumers perceive retailers use their data, and how it is actually used fuels the trust deficit. More than two-thirds of consumers believe data is being predominantly used for targeted marketing and 55% of consumers believe retailers share data with third parties or sell it to outside buyers.

Retailers have an opportunity to build trust with consumers by openly sharing how data is used. For instance, retail executives noted that the top three uses of consumer data are: increasing operational efficiencies (53%), improving product selection (52%), enhancing in-store services or experiences (49%).

Retailers should also be purposeful when collecting data from consumers. Consumers are wary of the "creep factor" — when they feel that retailers are using their personal information in a way that violates their expectations. While consumers are willing to share their information for something in return, they are holding retailers to a higher standard for the stewardship of their information and the level of trust they hold in those companies as a result.

Leaders are trust-focused, consumer centric
Amid the challenges evident in the consumer market, there are clear distinctions in performance and lessons to be learned in the way retailers approach privacy. According to the survey of retail executives, just 32% of retailers are classified as "leaders" in terms of privacy. Leaders are trust-focused and consumer-centric with privacy integrated into corporate strategy. "Laggards," those who had not made privacy a priority, represented 27%. "Adopters," whose organizations were working to increase the focus on privacy, but at varying focus levels, represented 41% of all retailers surveyed. Retail industry leaders can benefit from becoming data-wise and privacy conscious while striving for a new standard that addresses concerns from both consumers and regulators, the report notes.

Key quote
"With increased scrutiny on consumer and data privacy, there is a call to action to define a new standard that works for consumers and retailers. Future leaders in data privacy should adopt guiding principles that align across the entire organization as an essential part of their strategy, culture and operations.

Retailers should work every day to connect with consumers in a way that builds trust, manages legal risk and enables their growth strategy."

-Rob Goldberg,
cyber risk leader, retail, wholesale and distribution, Deloitte & Touche LLP

Challenges to implementing an effective consumer data privacy program
Only 5% of consumers listed retailers among the top three businesses they trust with their personal data as compared to other industries. Further, 63% believe retailers are accountable for ensuring consumer privacy in the retail industry, more so than the government (50%), technology partners (27%) or even consumers themselves (27%). This challenge is compounded further by the disconnect between consumer perception and what information retailers collect or how they use it.

Additionally, retailers face specific strategy and capability challenges when designing and implementing a consumer privacy program. Inadequate data management within an organization (50%), inadequate technology tools for privacy management (45%), lack of sufficient funding (43%), and lack of clear government regulation (43%) rank among the key challenges faced by retailers.