In a recent report on 2019 enterprise infrastructure trends, IDC predicted a “digital deluge” of data as organizations collect more and more information on customer buying habits and preferences. It’s no surprise that IDC also predicts increasingly stringent compliance regulations governing the collection, handling, and sharing of personal consumer information.
But compliance isn’t all about avoiding fines and the other costs of post-breach remediation. In its report, IDC states that “During 2019, multinational organizations will need to move beyond achieving minimal viable compliance to using compliance as a competitive differentiator…”
Compliance as a competitive differentiator may require a bit of a paradigm shift. Let’s start by looking at two of the most common regulations, HIPAA/HITECH and PCI DSS, to see how you might approach this whether you’re a multinational organization or a boutique shop/provider serving a community of local customers.
Reduce customer churn with HIPAA/HITECH compliance
Healthcare consumers sign a HIPAA agreement every time they visit a healthcare provider. A few of them may even read the agreement before they sign. But whether they take the time or not, they go into their appointment with the understanding that their provider is required by law to keep their information private. The formality of this process can lead to pretty high expectations.
When a healthcare data breach happens, no doubt some consumers feel doubly betrayed. Not only did the healthcare provider not live up to their end of the bargain, but they also allowed the release of some of the most personal information imaginable.
Perhaps that’s why healthcare sees higher levels of post-breach customer churn than any other industry. According to the Ponemon Institute’s 2018 Cost of a Data Breach study, healthcare providers had an abnormal churn rate of 6.7% after a breach as compared to 6.1% in the financial sector, 5.2% in services, 3.0% in energy, and 2.7% in education. Abnormal churn is defined as customer turnover above what would be considered normal.
Abnormal customer churn is keenly felt in healthcare as it is in other industries where repeat business is the norm. People go to a doctor, dentist, or other provider expecting to develop a long-term relationship. If they’re happy with their provider, it’s almost a certainty that they will go back to that provider again.
So, a 6.7% abnormal customer churn rate can lead to a significant loss of long-term revenue, and that forces providers to spend even more trying to win the business back. A study recently published in the American Journal of Managed Care found that hospitals increased their advertising spend by 64% on average in the year following a data breach. Over the two-year period following the breach, the increase in advertising spend reached 79%.
Customer trust, once lost, is a hard thing to regain. Healthcare providers can keep the customers they have from leaving by strengthening their IT security strategy.
Attract new customers with PCI DSS leadership
Credit card fraud is becoming increasingly common. According to Experian, credit card number exposure rose 88% in 2017 to 14.2 million accounts, and data thieves also stole nearly 158 million Social Security numbers. The final tally isn’t in yet for how many of the 2017 incidents led to identity fraud, but 31.7% of 2016 breach victims later experienced identity fraud.
US consumers know that nothing can stop all breaches. (They’re told something similar every time a breach happens.) But they also want to work with companies that aren’t putting their data at undue risk.
Companies think they’re keeping their customers informed through their privacy policies, but there are two problems with these documents. First, no one reads them. In 2012, Carnegie Mellon University estimated that it would take seventy-six (76) 8-hour workdays for the average person to read through all the privacy documents they receive. And that was in 2012!
Second, these privacy documents are written by the legal team, not marketing. That may be a necessary evil (sorry, legal), but organizations might consider collaborating with marketing to put some of the language in plain, everyday terms, or allowing marketing to use compliance as a message to their target audience. While marketing will, of course, need to stop short of promising that customer data will never be stolen, they can be more vocal about the measures the organization takes to protect its customers’ privacy.
In the event a breach happens, transparency is vital. Many forward-thinking organizations make a very public effort to notify potential victims and even offer remediation assistance.
What other opportunities does 2019 have in store?
Digital transformation success requires organizations to stay one step ahead of the trends. If you’d like to see what else 2019 has in store, download the report: 2019 Enterprise Infrastructure Trends and Their Impact on Digital Transformation.