Businesses admit to unethical data processing

A shocking new survey from KPMG reveals the level of unethical data processing and that customers are right to be concerned about how organisations are using their data

A recent KPMG study, surveying 2,000 adults and 250 business leaders in the USA, reveals fascinating – and worrying – insights into how corporate data practices and consumer expectations are shifting. 

Let’s look at some key findings.


Unethical behaviour


  • 29% of those surveyed admitted that their company sometimes employs unethical data collection methods, and
  • 33% said consumers should be concerned about how their personal data is used by their company.

Source: KPMG

The executives surveyed were clearly not comfortable with the status quo:

  • 62% said their organisation should be doing more to strengthen existing data protection measures.

Of course, this is not good for individuals but it also suggests a high degree of stress for staff at these entities responsible for, and reporting on, compliance. At a human level, this is clearly a suboptimal situation for all concerned.

But these organisations are missing out – Privacy compliance doesn’t hamper revenue and profit, it grows it.


Compliance as a growth engine

It’s the first time we’ve seen statistics like these on the level of awareness executives have around the ethics – and perhaps legality – of their personal data processing. So Keepabl reached out to Orson Lucas at KPMG US. Orson is a Principal, Advisory, and the Privacy Services Leader who produced the August 2021 report Bridging the Trust Chasm.

We discussed the survey results and asked Orson for his expert view on whether organisations can improve their compliance culture and eradicate this unethical behaviour without jeopardising revenue and profit?

Orson’s response couldn’t be clearer:

‘Absolutely – in fact, this should be the primary goal of a well-conceived privacy program. But culture is the key word: it’s incumbent on board and executive leadership to establish and enforce a culture grounded in respect for consumer privacy rights.’

Orson continued (our emphasis), ‘Doing the right thing, for the right reasons, is ultimately good business sense and will not only not jeopardize, but will contribute to increased revenue and profit. But to be successful, it will require some forethought and planning (and likely, investment) to build the right capabilities and set the right cultural tone’.

There’s a lot of data out there to back up Orson’s statement.


Trust wins in the Trust Economy

Cisco’s 2021 Data Privacy BenchMark Study confirmed for the second year running that return on Privacy spend is attractive, with 35% reporting benefits at least 2X and 7% even getting 5X or more than their investment.

And importantly, these benefits hit key areas where all businesses should want to win, with Cisco reporting that ‘more than two-thirds of respondents felt they were getting significant benefit [in 6 key areas, see the image below] … up significantly from around 40% from the year before’:

Who doesn’t want to reduce sales delays, mitigate security losses, enable innovation, achieve operational efficiency, build trust and make their company more attractive?

And reducing regulatory risk seems a good idea that will only get better over time…


The fines are only increasing

Late July 2021 saw Amazon fined $887m by the Luxembourg Data Protection Authority. According to Amazon, the fine related to how they show customers relevant advertising. It’s a huge sum.

As was the €225m fine on WhatsApp by the Irish regulator, a record sum from Ireland, for lack of transparency in the Privacy Notice provided to users. The fine was also a large increase on the regulator’s reported initial proposal of €30-50m, which the other European regulators strongly felt was far too low.

While these huge fines are likely to be appealed, they show a clear direction in enforcement for breach of any aspect of GDPR – neither of these were concerned with Security for example.


Keepabl can help

That’s a big statement, we know. But you can see in our case studies that our customers not only save organisations time, cost and stress on Privacy compliance, our solution helps assess and manage risks and handle breaches, makes compliance more efficient, and provides valuable insights – important when you’re looking to change culture. Do contact us to see what we can do for you.

Related Articles

Article 30 Records vs RoPA vs Asset Register vs Data Map

Article 30 Records vs RoPA vs Asset Register vs Data Map Does it matter what you call it?  Oh heck, yes.  I mean, was Boba Fett in Star Trek? Article…

Read More
Blog Privacy Kitchen
A strong finish for 2021

Aware of the stress that comes with working during a global pandemic, this year we’ve tried extra-hard to make things easier on the GDPR front in the way of product…

Read More