Ernst & Young: Businesses must prepare for end to 'golden age' of customer data

Ernst & Young: Businesses must prepare for end to 'golden age' of customer data

Data Protection Act changes and shift in consumer attitudes will make data more scarce, report claims

Article comments

Businesses will find access to customer data become more restricted in the next five years as consumers become more wary of handing over personal information, according to an Ernst & Young survey.

Ernst & Young’s ‘The Big Data Backlash’ report focused on attitudes to customer data, with two separate surveys of 2,000 consumers and 748 senior business executives. The report revealed that consumers are becoming less willing to share their personal information, with 49 percent anticipating they will restrict access by 2018, while 55 percent already offer less personal information than five years previously.

The report highlighted potential changes to the Data Protection Act to allow consumers to demand deletion of data as one factor that will make customer data more scarce.

“If this ‘forget me’ part of the legislation comes in then that is going to be a fairly significant change for a lot of organisations to handle, and I think there will be a percentage of the population which will take advantage of that,” said EY partner, Patrick James.

The supply of data by businesses to third parties is also a concern for consumers, with three quarters never happy for their data to be shared. The security of sensitive information following a number of high-profile cyber attacks may also create apprehension over supplying personal data, James said.

The report also highlights that businesses continue to rely on customer data. Almost two thirds, 62 percent, of businesses surveyed said they implement ‘customer insight’ programmes to collect and interpret customer information to drive business growth, with 87 percent of these claiming to see revenues increase as a result.

Some 41 percent believe that restricted access to their customers’ personal details would be a risk to their business model. However the report found that despite the reliance on personal data, the majority of businesses (71 percent) remain unconcerned about the prospect of restricted access to customer information.  

According to James, businesses need to prepare for changes in how they capture information about their customers, implementing strategies such as gamification and other incentives to ensure that they are not cut off from this resource in future.

“It is one of the challenges of the digital world that a lot of organisations will quite happily continue as they are and then in five years the world will have changed, new legislation will have come in and consumer behaviour will have changed," he said.

“We see the velocity of change is increasingly, and therefore there is the possibility that organisations will get left behind. It not an immediate challenge for tomorrow but is part of building your strategy for the next five years.” 



  • Ulf Mattsson I can understand that Data Protection Act changes and shift in consumer attitudes will make data more scarce I think thatcurrent threats to data and escalating regulations are rapidly changing this landscape The trend is that more and more types of information is covered by different privacy laws and the enforcement activities are now escalating in many countries and regions In many popular public cloud environments my Data is NOTunder my control NOT in a computer within in my organization and potentially NOT in a country or location that I know about My Data may NOT even be stored or processed in a compliant way in an accepted country by a 3rd party andor cloud provider I may not have information about who can access my data maybe administrators or other tenants I may be sharing disk memory and other infrastructure components with parties that I dont know about They maybe stealing my data Therefore I think that all sensitive data should be encrypted or tokenized before it is sent to the cloudBelow are a few words of guidance from the payment cardindustry PCI SSC The guidance is applicable for all sensitive data that is sent to the cloudIf you outsource to a public-cloud provider they often havemultiple data storage systems located in multiple data centers which may often be in multiple countries or regions Consequently the client may not know the location of their data or the data may exist in one or more of several locations at any particular time Additionally a client may have little or no visibility into the controls protecting their stored data This can make validation of data security and access controls for a specific data set particularly challengingIn a public-cloud environment one clients data is typicallystored with data belonging to multiple other clients This makes a public cloud an attractive target for attackers as the potential gain may be greater than that to be attained from attacking a number of organizations individually I recently read an interesting report from the AberdeenGroup that revealed that Over the last 12 months tokenization users had 50 fewer security-related incidents eg unauthorized access data loss or data exposure than tokenization non-users The name of the study is Tokenization Gets TractionUlf Mattsson CTO Protegrity
Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *