Rarely, if ever, has data privacy been a more pressing concern in Australia than it is today. After the significant breaches that hit businesses from Microsoft and Medibank to Woolworths, Optus and Telstra, we’re rightly questioning the extent to which our data is accessed. Our personal data is our most treasured, private asset – and should be safeguarded at all costs. Businesses are collecting too much data, and they’re doing so because it has become too valuable not to. Their business model depends on it.

However, these breaches have overshadowed that data can be a force for good. When the right data is collected, its owner has consented, and the data is protected, it can drive huge benefits for consumers. But with our scepticism about data privacy higher than ever, how can retailers build trust, identify what data to collect and not collect, then safeguard and use it for good?

Collecting the right data

As more data is collected, the risk and severity of privacy breaches increase. The Australian Cyber Security Commission (ACSC) received 76,000 cyberattack reports in the 2021-22 financial year; a 13% increase on the year before. It also said the level of cybercrime has been ‘profound’ with a report every seven minutes.

To build trust, retailers must collect only what is necessary and be transparent in how and why it’s used. Some businesses are open about their data practices, but most act in the shadows, asking for forgiveness rather than permission. It’s also not uncommon for businesses to collect data with no immediate value, just in case it becomes valuable in future.

To build trust, decide what data will benefit your customers. If their data is being used, it must drive value for them. Transactional data like their purchase history and browsing patterns can help you understand their interests so you can provide the tailored customer experience, offers and communications they desire. Their passport number, medical records and size of their underwear (as has been reportedly collected), for example, is too personal, has no value and should be ignored.

Then, ask for their consent, and explain clearly what you’re collecting and why. And make it easy for them to remove their data whenever. Then, when you have it, protect it.

Building safeguards

There are many ways to build trust and safeguard against cyber threats, including a data privacy policy and using software with strong data privacy at its foundation. Zoho research found that only 35% of Australian small businesses have a defined, documented, and enforced policy regarding personal data collected, used, and disclosed through their business. Policymakers have hinted that small businesses could face stricter privacy regulations and punishments, so creating one is essential.

A privacy policy must accurately reflect, and clearly communicate, your business’ data collection and use. It should explain, for example, where you store it, how you protect it and whether you disclose it to other entities, both domestically and overseas. If at any stage you modify how you use data, you must inform your customers and refine your policy accordingly. Retailers can write their own privacy policy, and when created, it must be easily accessible to customers.

Zoho research also revealed that only 20% of small businesses think third-party vendors have done a good job of explaining how data is used and accessed, while 31% believe they’ve done a bad or unsatisfactory job. Part of the reason is technology companies operate models that exploit data without consent, so it’s in their best interest to communicate poorly.

Retailers have an obligation to research diligently, and only use software that is transparent and has privacy as a foundation – not an add on. At Zoho, we decided over two decades ago that we would never have a business model that made revenue through advertising and data. So we banned third-party cookies – one of the most common ways companies collect data – from our software.

Turning data in customer experience

When the right data is collected transparently and stored safely, it can drive genuine value – especially today, with peak retail season upon us. Consumers want personalisation, not one-size-fits-all experiences, and transactional data drives that. Through data, you can identify what items shoppers have purchased in the past or which Instagram shoppable posts they’ve clicked on, then through AI and automation – built into the best retail software – you can target them with specific products and offers based on these insights.

Amazon,for example, provides tailored shopping recommendations based on a user’s search and purchase history on the platform. While Amazon is one of the retail industry’s best-known proponents of personalisation, it’s not a monopoly – these are customer experiences all online or omnichannel retailers can provide with the right software and the right data.

Public perception of data collection and privacy has never been murkier than it is today. Rightly so. To feel its full and undoubted potential, we must think critically, approach cautiously and act transparently to build trust and turn data into something that drives value – not risk – for consumers. The retailers who do so will be better placed to succeed this peak retail season and long after.

Vijay Sundaram is chief strategy officer at Zoho.