Like what you're asking 'em to do, they can simply drop the microphone and walk off the stage. So your approach to customer and really moving them from this anonymous state where most customers begin their journey with you to a known state is a very different way of looking at identity than maybe in more traditional settings where your employees, your partners are somewhat compelled to go through your identity system, regardless of their preference for what they're doing. Now.
Interestingly, there's also a big gap right now between how consumers view brands and the trust they have with the brands they deal with. And we can see over two thirds of consumers, don't trust brands with their data. So you're already starting at a deficit and really the manifest station of this. And this was a global survey of over 4,000 consumers in both the us and Europe.
And we found that between the us and Europe, there's a similar level of distrust. Interestingly, in Europe, this has led to the GDPR, right, which really put consumers back in control of their data.
However, that same distrust exists in the United States. So this really represents a global opportunity for building trust with consumers. Not only do consumers, not trust brands, but the majority actually feel like the problem is either the staying the same or getting worse. Because if I give you my information, odds are I'm going to be stocked across the internet with advertisements for your product or service. Because as a marketer, that's often our job, right? To get you to move from that initial interaction to a conversion. And I'm always measured against how am I converting?
How am I getting customers to sign up? And a, a sign up is generally super, highly valuable and can lead to a long term lifetime value.
So I'm willing to irritate a number of people in order to get that initial sign up. But this is causing a great deal of mistrust amongst consumers.
Now, the good news is, is consumers do feel accountability for their security and for taking responsibility for their data. In our survey, we found that over 63% of consumers feel personally responsible for protecting their data. They don't feel the brand or the government is gonna do a good job of that for them, that it's really up to them. And really we've seen taking a transparent approach to privacy can be quite effective.
Facebook, for example, did a major change and shift in their privacy policies about two years ago. And this is something Facebook did independently because they realized one of their biggest barriers to growth was this trust with the consumer and that their legalese around privacy, their terms of, of service and privacy settings were actually a major barrier to signups.
So they actually implemented about two years ago, a transparent approach to privacy.
And I, I, for those of you on Facebook, you probably every six to 12 months, you get a little refresher, a reminder. Would you like to look at your privacy settings? Who are you sharing with and how are they set right now? And this is help spur tremendous growth inside Facebook. And what given the opportunity, 61% of Facebook users actually have actively gone in understand their privacy settings and have made changes and adjustments to those settings.
So again, not only are consumers feeling the accountability, but they're also willing to participate in their own protections. And as I think one of the questions earlier asked about data breaches and kind of the notification and how widely publicized many data breaches are in the us. And you can see again, that many consumers that realize they're doing business.
One of those co with one of those companies will go in, change the password, add a second to factor of authentication or close the account. If they realize they've been compromised.
So again, consumers when given options and choices are willing to take those actions, but again, most brands do not offer these as self-service options to their customers today. So really the challenge is then how do we build this trust and relationship with the customer progressively over time? Right.
I think in the panel earlier, there was some good discussion about context and how do we really over time, rather than asking for everything all at once and forcing a tough customer experience, how do we really begin to overlay identity into the customer journey in this case, from awareness through to advocacy and everything in between. And oftentimes as mentioned, it doesn't start with a full profile of full knowledge of that person's identity.
It's gonna start with a fragment and believe it or not for a marketer, oftentimes it begins with a device ID or a browser type and location, right?
And that's why many of your marketing colleagues will actually start off with devices and have device as the primary identity versus a consumer or an individual person, because simply at the first interaction that person behind the device is not known, but based on cookies and other activity, the device and the method by which a someone came in can be known right away. So how do we start to move from these anonymous interactions? And maybe right now there's cookie notification required for, for European companies. And maybe you can start to understand who's agreed versus who's click passed.
It's simply a notification. There's no consent given for, for cookie track tracking.
However, as you move into things like say news alerts.
So if you go to cnn.com right now and put in your cell phone or an email, and you wanna receive news alerts, or perhaps you've gone to your favorite website and you wanna receive their newsletter, this concept of light registration, all I need is an email, a phone number, but I can now begin to understand what that consumer is consented to from an electronic communications perspective.
I can begin to understand, Hey, maybe they're interested in sports and wildlife versus say, motorcycles or sports cars and begin to understand and build up a profile of that person even before true identity is created. Now, at some point, the goal is to get them to go through that full registration process. And I think this is part and parcel of what we do day to day, both from a consumer, as well as an employee per perspective, setting up the username, the password, and hopefully understanding a little bit of the, the profile of that individual.
And this is where in customer identity, things like social identity, social login, and a number of different identity providers can come into play to reduce the friction in that sign up process, and hopefully increase conversions. Now that is not the end of the story. And with consumers, we've seen people very effectively leverage something we call progressive profiling. So for example, Vogue Australia, you can imagine their demographic is very willing to fill out surveys on the latest fall fashion. What are the colors of the season?
And they're actually over time through these surveys and through these questions, building up additional information about those consumers and in the case of news life media, they're actually to take that value added segment information and provide it to their advertisers and say, you know what, here's a demographic that's very interested in running our sports. And we think we could provide kind of interactions with those consumers at a value added amount.
And then finally enriching the customer profile data through something called identity sync, which then allows you to connect this up to your CRM, into service applications or other third party add surveying and other applications that may use that information for personalization.
So really kind of building this full picture from that first anonymous interaction right through to the end of course, from an identity perspective, there's a number of key components that are required at each one of these steps, whether that be from consent management and making sure that you have the appropriate consent for each data processing step through the, through the process customer and social profile data.
So being able to make sure that not only are you complying with your own terms of service, but if you are offering social login that you have the right consent from a Facebook privacy terms of conditions perspective with Google plus Twitter, LinkedIn, whatever the network is that you are working with, that you're able to then govern that data in the appropriate fashion.
Maybe I've consented to one data processing step that allows me to feed that information up into say an ad role for personalized ad serving. But I haven't gotten permission to email that user yet.
So I can't put that into my email marketing solution and being able to govern those workflows and information based on the consent provided by the consumer. And then finally, as a foundation, really all of the authentication and authorization that I think many of you deal with day in and day out. So think of, you know, the work that we do here in terms of letting people into and out of systems of identity assurance as being foundational, but not sufficient to meet that broader customer use case. And really the better you are at this, the more you can build that consumer trust.
We talked a little bit about consent management. So again, you can see a couple of examples here on mobile devices of perhaps starting that customer relationship with an update and alert in this case about the art they might prefer or a newsletter, and then allowing them to sign up with a single click via their social network and removing and providing transparency in terms of how you're going to use that data.
So those running shoes you were looking at on a website, don't suddenly start following you around the internet, despite the fact that you've already actually purchased those shoes, being able to provide things like an adaptive and intuitive inter phase for both capturing preferences, as well as consent settings, and then allowing them to review, edit, update, delete, really putting the consumer in control of their profile of both the data that they've provided you directly, but any other first party data that you may have collected based on browsing behavior, mobile device, or other location information that you may have gathered via their IP address.
So again, putting that consumer back in control of their information, empowering them to see what information you have and how you're using it within the context of that customer identity becomes quite crucial in terms of the customer journey. So again, it's all about building up trust over time and putting the consumer in control.
And really this should create a virtuous cycle for you. Hopefully the better you are at the progressive profiling and building customer data over time, the more of a burden and the more do need to make sure you're complying with privacy.
And I always like to say with great power comes great responsibility, right? And really we see this reflected not just within the GDPR, which I know has been a huge topic of conversation both today in the workshops, but also throughout the, the rest of the conference. But you have to remember the landscape around privacy and compliance, particularly when you're dealing with consumers is, is very broad and complex. I'm sure most of you probably do business well beyond the borders of the European union and have to deal with things like data residency.
So obviously Russia has their PD PA legislation, which requires Russian citizen data to be primarily stored in a Russian data center.
China just passed their cybersecurity law, also requiring with data localization and data residency for Chinese citizens. Data transfers between the us and, and Europe are, are governed under the new privacy shield, which replaced the safe Harbor act. And I could go on and on and on here.
And interestingly, while GDPR is getting all the headlines right now, the FTC over in the United States is leveling some large fines against companies like Visio, who is collecting TV, viewer data without the right consent. They actually did have a consent setting on their set top box, but it was something called viewer analytics. Nobody understood what it was. So therefore the consent wasn't freely given for capturing the, the data and they were leveled a multimillion dollar fine for that breach of consent policy.
And this is in the United States where privacy is considered to be much more lax than here in, in Europe.
There's also things like w three C, which again, does things. So for any company that has a brick and mortar presence, as well as an online presence. So a company going through digital transformation in the United States will have to have the same accessibility requirements as their brick and mortar shop.
So making sure that your forms are e-reader friendly so that people that are visually impaired can have their sign up screens and their profiles read to them versus having to read them obviously. And then finally HIPAA. So really having a strong understanding of the types of information that you're handling, the types of regulations you might be subjected to, and then being able to do deal with things like anti-spam regulations like Cale and Canada. GDPR also has strict requirements around digital communication as well.
So again, I think GDPR because it is new gets a lot of focus.
However, we have to remember that GDPR really is meant to be a harmonization instrument amongst a number of diverse legislations across the EU.
So really has a broad scope that really requires a hard look, not only at the terms and service and the legal team, but also how you're actually impacting your customer experience, which is going to really require us as security and risk professionals to reach across the aisle, to our friends in the digital team that may sit in marketing or elsewhere in the office of the CTO or CIO, and really make sure that that customer journey is encapsulating the consent, the edit, the right to be forgotten and the update and the transparency to that customer.
And then also the governance that's required around that data in terms of how it's used for a long time. We in the marketing department have had a very free reign in terms of how we use that data and leverage it across not only within the organization, but also out to third parties and providing that data for segmentation, for ad personalization, for website personalization, and a number of other things that really ultimately are a benefit to the end customer, but do require that consent to be provided under this new regulation.
And really, again, the interesting thing about the customer is it really does allow you to build a, a, a strong revenue based model. Again, in the marketing department, I know my team we're held accountable to the number of stage one opportunities that we create. I E the number of conversations and people that enter into a sales cycle with giga. So increasing that rate by a significant portion, even up to one third can have a massive impact on top line value, understanding the value of a registered user.
So again, the more of these people that are sign up and feel comfortable with you as a company and an organization and a brand, the better off you're gonna be from a lifetime value. And finally that ability to increase engagement and really get companies to engage with you and your brand.
So, again, it's all about building trust with this elusive animal called a customer that really has no allegiance or need to follow a process. They really are going to exit your system. If they don't feel comfortable, or they don't feel that you are providing a, a good service or a good return for the data. And then being able to do this in a transparent way that not only enables you to get a customer from anonymous to known, but does it in a privacy compliance way. So with that, I'd like to thank you for your attention this evening. And thank you very much for your time.
Thank you very much, Jason. My pleasure. There was one question from the audience just quickly, because we're a little bit late. You mentioned a study we're two third of the people of the consumers would not trust companies. Do you have a source?
Yeah, sure. We actually Giggi sponsored the study. It was with 4,000 consumers, 2000 in the United States, 2000 in Europe, we have a full white paper infographic and have done a, a number of press articles on that story. It can be found on our website. Okay.
Thank
You very much. Great. My pleasure.
