Data Privacy Matters to Indian Consumers

Globally, and in India, too, there has been increased attention on privacy, and many customers today are wary of how organizations use their data. With data volumes exploding and the number of channels through which data is shared continuing to rise, the challenge for organizations is to protect personal data and use it responsibly without violating customer trust. Trust is the most critical factor in today’s fiercely competitive business world, and once broken, is extremely hard to regain. But how can organizations stay compliant and protect customers’ data against a backdrop of increasing major data security breaches? For context, according to records from the Indian parliament, Indian banks reported 248 successful data breaches by hackers and miscreants between June 2018 and March 2022. Additionally, with the growing array of data formats and storage mediums (i.e., structured, unstructured, human generated, machine generated, in the data center, on the edge, fast moving, slow processing, in the cloud, within on-premise applications, etc.), consumers are becoming wary of where their data may end up and the implications of it falling into the wrong hands.

Attitudes to Data Privacy Amongst Indian Consumers

To truly understand consumer attitudes towards data privacy today, OpenText commissioned a survey and discovered some interesting takeaways. Indians are increasingly concerned about how their data is being managed and protected in this new normal. In fact, more than nine of ten (93%) worry more about their personal data now that organizations operate distributed work models, with almost four in ten (38%)
expecting those organizations to ensure everything is secure, no matter where their employees work from. Data privacy clearly matters to consumers, even though a quarter (24%) don’t actually know what specific data is used, stored, and accessed by organizations. However, once
a customer’s trust is broken, so too is their loyalty to a brand. Almost three in ten Indian consumers (27%) would no longer use or buy from a company they were previously loyal to if it failed to respond to a Data Subject Access Request (DSAR) – including among others the right to be informed, the right of access, the right of rectification and the right of erasure – while close to a third (31%) would no longer use or buy from a
company if it shared their personal data with third parties for anything other than its specified purpose. Those organizations that can protect customer information will have a significant competitive edge. More than four in five (83%) in the survey said they would pay more for a company or third party to keep their information safe – almost identical to the 84 percent who said the same in a similar OpenText survey conducted in March 2020.
Best practices to ensure privacy and an information advantage
The above results show us that by acting proactively to address the concerns of customers around the protection of their personal data, organizations can differentiate hemselves in the marketplace and give themselves an information advantage. Some of the recommended best practices include:
Establish a strong information management core
Strong information management is required to improve productivity and mitigate data privacy risk. Disconnected systems can lead to uncontrolled siloes that hinder collaboration and productivity. Using a modern content services platform, organizations can consolidate key system to streamline information governance and bolster information sharing by implementing policy-driven, role-based access to reduce
unwanted exposure. Businesses must also remove siloes to get one comprehensive view of all their information – both structured and unstructured data – and understand how personal data is managed. With information governance solutions, organizations can manage the
flow of personal and sensitive information from capture through archiving and disposition – ensuring agile information governance to reduce risk, increase security, and address the increasingly complex regulatory landscape. Organizations that take an integrated data-centric approach are in the best position to support critical foundational data privacy management needs including data discovery and risk remediation, data
retention, Subject Rights Requests management and data security.

Get smarter with embedded AI
Many organizations are sitting on years of data and terabytes of content that has not been appropriately classified to understand its contents, value, and risk. Examples include network file shares, or laptop archives. Using AI-powered data discovery tools, organizations can scan this unmanaged or unclassified data to identify personal and sensitive data in content stores and assess the severity of the risk to strengthen
adherence to privacy and compliance mandates. Once tagged, risky and sensitive content can be protected and secured with just a few clicks. Also, bulk policies can be set once repeated patterns are identified.
Records retention & data minimization
Under modern privacy law, organizations can no longer collect as much information about their customers as they want. Organizations need to limit retention beyond what is directly relevant and necessary to accomplish a specified purpose – following the principle of data minimization. This is particularly challenging since the growing volume and complexity of data is making it harder to manage. These retention practices are a
key aspect of operationalizing a privacy program. Information governance solutions can help organizations improve the way they keep track of where data is located, where it is stored, what categories of data are being managed and when it is time to dispose of personal data based on these minimization requirements, helping organizations to meet data sovereignty requirements.

Automating and managing key privacy processes
Demands made by data subjects and consumers seeking to act upon their exercisable rights – mainly subject right requests (SRRs) – continue to expose many businesses who continue to perform manual activities and struggle to meet prescribed deadlines. That is why automation and workflow management remain top data privacy technology capabilities being pursued today. Investment in robust privacy management solutions
that have strong case management tools to track performance, can go a long way to operationalizing SRR request process and workflows from SRR intake to fulfilment, to support an enterprise privacy program.
Creating a Culture of Cyber Resilience
With cybercrime presenting a formidable challenge to modern life and work and the potential to wreak havoc on our businesses, there is a greater need for organizations to deploy technology to keep their information, including personal data, safe and secure. However, state-of-the-art cyber security and network protection technologies alone are not enough since a security breach will inevitably occur and can be triggered by the
simple action of an employee who unwittingly clicks on a dangerous link. The real focus should be on cyber resilience for optimum security. Cyber resilience is the ability to continuously deliver intended operational outcomes, despite any barriers thrown up by adverse cyber events. It requires total network, endpoint, and user protection, as well as data recovery, as part of a robust ‘defence-in-depth’ strategy. Moreover, it mustn’t stop there. Conducting regular training sessions to ensure employees are aware of cyber risks is a critical component of cyber resilience. These
steps, supported by components of a comprehensive cybersecurity suite will enable organizations to continue running their operations without the disruption of files and servers being locked due to a cyber-attack.
Be ready for the unexpected
Distributed work models, incessant growth of data volumes and information sources, data security breaches on the rise, and an increased awareness of more stringent data privacy regulations have led to growing concerns among consumers about how their personal data is managed and secured. New information privacy, governance and protection practices are needed to address these concerns, especially with the focus on
privacy expected to continue. According to Gartner, 75% of the world’s population will have its personal data covered under modern privacy regulations by the end of 2024. Whether it is geo-politically driven needs for data sovereignty, continued supply chain disruptions, or new ESG (environmental, social and corporate governance) regulations, organizations need to be ready for the unexpected. They can take an important step forward in this new unpredictable and data-heavy world by establishing an integrated data management approach that will help maintain the trust and loyalty of customers, offer a powerful point of differentiation in the marketplace and create a true information advantage.