Main content

Trust and privacy in 2020 - how should brands approach CCPA, and privacy-assured marketing?

Barb Mosher Zinck Profile picture for user barb.mosher January 3, 2020
California's CCPA, now in effect, brings data privacy into focus on U.S. shores. But does meeting privacy guidelines like GDPR and CCPA lead customers to trust marketers? Not so fast.

Confused business team holding a question mark sign

If your brand implements policies around GDPR and the soon to be here CCPA, does that mean customers can trust you? Do privacy regulations and trust go hand in hand? Not necessarily.

Everyone is getting ready for CCPA

Last year we saw the rush to get compliant with the UK privacy law, GDPR, and we saw a flurry of emails asking us to re-confirm we want the brand to send us emails.

This year, the US has its own privacy regulation - starting with California. CCPA (California Consumer Privacy Act) is similar to GDPR and different at the same time. However, it also requires brands to update their privacy terms and conditions (and a flurry of emails, letting us know there are changes).

But is the rush to compliance affecting a brand's view of trust? The CMO Council whitepaper, “ Exceeding The Requirements of the Trust Economy - Identifying opportunities to secure the trust in brand experiences,” noted that 57% of global marketing leaders said data security, privacy and accountability are the most critical demands of customers.

Customers are willing to exchange their data for personalized experiences, but they are also quick to leave a company if they believe that the company is not handling their data responsibly. It comes down to a matter of trust - does the customer trust the company to handle their data and use it to create the right experience?

And that leads to a bigger question. Is it enough for a brand to comply with privacy regulations to provide they are trustworthy? Or is something bigger required?

The CMO Council interviewed executives with brands dealing with privacy and trust in their organization. What’s clear is that trust and privacy are not the same things. Sonesh Shah, VP Marketing and Head of Digital for Bosch NA explained it this way:

Companies right now have an option: start now by trying to build out what brand and user trust means and take the next months and year to really put that into practice. OR you can just follow the regulatory trends and rules coming from State X or State Z and just let the compliance team work with marketing, telling the team what they can and cannot do. Option two may be the more typical path. But it won’t be that fruitful.

It is necessary to ensure compliance with privacy regulations, but if you’re only doing it from the perspective of checking the boxes, and you’re leaving that work to the CIO and CSO, then you’re missing something very important - the customer.

Bosch’s Shah believes that the CMO makes the most sense to make security and trust a strategic path forward. “I don’t think you’re going to find a strategic brand-driven approach around user data unless you MAKE it the CMO’s responsibility. Until you do that, I think you are going to get functional, regulatory approaches. You are going to get processes that never get adopted into the fabric of the culture and into the foundation of what the brand should be.

Security is an attitude

According to the executives interviewed for the CMO Council paper, the security of customer data is not simply a functional task. Instead, there should be a “strategic brand-driven approach around data.”

Look at it this way. If the key to creating better customer experiences is personalization, then you need customers to share their data with you. If they trust you, they will share their data. If they don’t, then you can’t deliver the experiences they demand. That means trust is key to engagement. And who is responsible for driving engagement? Marketing.

Grace Dolan, Vice President, Integrated Marketing at Samsung:

Customers want recommendations for content to watch based on their expressed interests. And as marketers, we CAN deliver these experiences customers have chosen to have… but ONLY if our customers trust us and we are transparent in how we handle their personal information.

A new term popped up in this paper: privacy-assured marketing. It comes from John Summers, VP and Chief Technology Officer at Akamai Technologies, and it means “fulfilling the contract of digital trust forged between customer and business.” Essentially, you must become a privacy-first organization, with privacy a key component of every interaction or engagement and every strategy.


Brands need to make it explicit that they are a privacy-first organization, implementing the proper governance and distribution of data across brands, channels and touchpoints.

Part of this is the idea that marketers only ask for what they need from the customer to deliver on the experience they promise, and that data is only shared inside the organization where it is needed to support the experience. Also, by centralizing customer data, you not only improve the security of that data but everyone in the organization from marketing to sales, support and service work with the same information and ensure a consistent experience.

Trust or trustworthiness?

Trust isn’t a thing you pass around; it’s a state of mind. This is something Tim Walters of The Content Advisory wrote that should make us all stop and think for a minute (or an hour or more). Walters points out that you can’t create trust but you can earn it - by being trustworthy.

This is an interesting twist. In the age of CXM and customer-centricity we’re supposed to be obsessively, exclusively focused on the consumer. But if trust is the fuel for successful CX, then increasing its power means concentrating on ourselves, on what makes us trustworthy – and on communicating that successfully to consumers.

Ensuring compliance with privacy regulations is one way to prove trustworthiness. When you are transparent with what data you need to collect to provide a better experience and how you use it, then you are on the right path to earn trust.

But trust isn’t earned only from data collection transparency. You earn it by creating products, content and communications that are meaningful, consistent, and in line with customer expectations and needs. These things don’t need a privacy regulation to happen. But they do need to be an integral part of your marketing strategy.

A grey colored placeholder image