What is Consumer Data Privacy?

Data collection is an essential tool for businesses trying to learn more about their customers' wants, needs, and pain points. It allows you to create custom marketing campaigns, personalize product and service offerings, and become a more valuable asset to your target consumer. But how much data collection is too much? Learn more about consumer worries and expectations, customer privacy laws, and the top risks of data collection below.

What is customer data privacy?

Consumer or customer data privacy refers to how companies and third-party data agencies collect, manage, use, and protect various data from transactions. This data includes but is not limited to:

  • Contact information
  • Passwords and usernames
  • Web browsing cookies
  • Purchase history
  • Website behaviors
  • Identifiable information
  • App engagement

As you gather information about your consumers through online communication and in-person transactions, you can create more precise customer profiles. This allows you to deliver a customized experience that meets all their needs and expectations. However, there are standards you must follow when collecting and managing that data, like taking preventive and protective measures to maintain security.

Examples of consumer data protection methods

Companies have various data protection methods, depending on the nature of the data collected, available systems and hardware, industry-specific threats, and more. Common methods for protecting consumer privacy are:

  • Authorizing passwords and login information for online accounts
  • Encrypting stored data
  • Verifying online transactions through a secondary method, like text message
  • Enabling biometric identification, like fingerprint logon
  • Having a robust data backup and recovery plan
  • Installing and updating security software
  • Staying up to date on industry threats and concerns

Consider your organization's existing data protection methods — which areas are you excelling in? Where can you improve? What industry or business-specific factors do you need to consider? The more comprehensive your data protection plan, the better protected your consumers and company are from threats like malware attacks, fraud, theft, and breaches.

Rising customer data privacy concerns

Companies aren't the only organizations interested in obtaining consumer data — third-party data harvesters and cybercriminals are, too. The following threats surrounding online data privacy make consumers wary about sharing their information and threaten to cost companies time, money, and brand reputation.

1. Identity theft

Seventy-two percent of consumers listed identity theft and fraud as their top online concerns in 2019. Sixty-four percent were worried about having passwords stolen. Identity thieves drain bank accounts, take out loans in the victim's name, and access the victim's financial accounts, personal information, and addresses — which can have a long-lasting effect on things like credit scores.

Identity theft includes employment and tax-related, bank, and credit card fraud. Children and older adults are most at risk for having their identity stolen online. Identity thieves conduct imposter scams and phishing schemes pretending to be another person or organization that the individual knows or trusts. Statistics show more than half of consumers who have been victims of identity theft still feel a sense of powerlessness and helplessness.

2. Financial fraud

A consumer's identity and their financial information are two of the most precious pieces of information they can entrust a company with. Unfortunately, they are also some of the most common pieces of information criminals exploit. Financial fraud includes any type of fraud that deals with the victim's money or financial services. Victims might find new accounts opened in their name that they had no part in creating or may be held responsible for Internal Revenue Service (IRS) or Social Security violations they didn't commit. 

The Federal Trade Commission (FTC) received 2.1 million fraud reports in 2020 alone. Of those consumers, 34% lost money. Experts predict consumers will lose a total of $3.3 billion to fraud this year. Top categories for online fraud include online shopping, internet services, fake prize and sweepstake schemes, telephone services, and more. Imposter scams were the most common reason consumers lost money.

3. Hacks and breaches

An organization or individual experiences a hacking attack every 39 seconds. Last year, 524 organizations reported a data breach across more than a dozen countries and multiple industries. The average cost of a data breach the same year was $3.86 million — not to mention the devastating loss to each company's reputation with its customers and employees. In some industries, like medical institutions, a data breach can also result in legal action or fines for the organization in question.

4. Data sales

Data collection and sales is an estimated $200 billion industry that experts say shows no sign of slowing down. Third-party services, like data brokers, collect consumers' browsing and behavioral data through their online and in-person habits. They use the information to create complex algorithms and customer profiles that can be sold to different advertisers and businesses for targeted campaigns.

While consumers generally feel sharing some data and browsing habits is a fair trade for receiving a higher-quality product or service from a company, they're growing increasingly worried about how their data is being used, if it's protected, and whether it's being sold to outside parties.

Government involvement and customer privacy laws

Eighteen percent of countries globally have no regulations for data protection. The United States uses a combination of state and federal laws but has no legal standard at the federal level. This often creates legal loopholes or a lack of effective enforcement without a central governing body to oversee and enforce laws.

As awareness surrounding consumer data privacy has grown, state and federal governments worldwide have implemented more comprehensive data protection laws.


The General Data Protection Regulation (GDPR) is the European Union's (EU) recent update to reflect modern data practices. It added laws and updated existing ones to further protect individuals from unauthorized data processing and unsafe data practices. The EU has a central data privacy authority to oversee regulations, enforce guidelines, and issue legal and financial penalties when needed.

GDPR applies to all companies inside the EU and any organization outside of the EU that sells products or services to EU consumers. It doesn't apply to any anonymized data if the subject of that data is not identifiable. Under GDPR, companies are only permitted to collect a consumer's data when they have a legal reason to do so, like protecting the public interest or as a part of a mutually agreed upon contract. All organizations must inform consumers what data they are collecting and the purpose of collecting it. They must also provide consumers information about their existing data rights.


The California Consumer Privacy Act (CCPA) took effect in 2020 and introduced a set of consumer rights and guidelines for organizations regarding customer data. It's the most comprehensive statewide data legislation in the U.S. to date and applies to corporations making $25 million or more per year or those that collect data from 50,000 or more consumers in California. Third-party data companies are also required to follow all guidelines.

The CCPA gives consumers a right to know how their data is being collected, if it's being sold and to whom, and the option to decline the sale of any personal information. It also includes special provisions for young children and minors aged 16 and under. Failure to abide by CCPA guidelines results in penalties and fines.

Two bills associated with California's 2020 consumer data privacy legislation are AB 82 and AB 1281. AB 82 requires all data broker registration fees to be used to offset costs for websites if the information is accessible to the public. AB 1281 exempts some employment or personal information involved in business-to-business transactions from the CCPA and permits some parties, like employers, medical staff, owners, or employees, certain rights to data collection.


The Consumer Data Protection Act (CDPA) was enacted in 2021 and granted Virginia consumers more extensive rights to their own data. It acts similarly to the CCPA by applying to all companies that control or process data of 100,000 or more consumers or those that collect 25,000 consumers' data and also earn half of their revenue by selling that information. It also applies to all companies that serve or sell to Virginia consumers from outside the state.

The CDPA requires all companies to help data consumers understand their data rights by offering opt-in consent, the ability to opt out, and information about data collection and sales.


The Colorado Privacy Act (CPA) of 2020 applies to Colorado businesses that collect data from 100,000 or more in-state consumers or 25,000 consumers while deriving a portion of revenue from selling that data. It gives consumers the right to opt out of targeted advertisements and data sales, and the ability to request that companies delete their data. Some exemptions apply.

How consumer data privacy impacts your business

Protecting your customers' data demonstrates transparency. It's also a good move for your company if you're hoping to grow or instill trust in your consumer pool.

Data protection is a good look for your brand and business growth

Research shows that only 21% of consumers trust large, global brands to keep their personal information secure, and nearly 70% want to do business with companies they can trust. In the event of data loss, 64% of Americans blame companies for mishandling their data instead of cybercriminals who hacked or breached the content.

For these reasons, data transparency and protection are key to winning your consumers over, standing apart from your competitors, and fostering a customer-to-company relationship built on trust and mutual sharing. The Journal of Management and Marketing Research reports 30% of business failures result, at least in part, from security-related criminal activity. Don't let it happen to you. Take proactive steps to address the transparency gap, make data collection more straightforward and simple to understand, and address data breaches promptly and with honesty for your consumers.

Data privacy also protects your company and employees from internal hacking or data misuse. For example, remote employees who rely on mobile workstations and software have increased security with strong mobile infrastructure protecting data, such as cloud storage.

Customers value privacy 

Almost 80% of consumers are concerned about companies collecting their data, what that data is used for, and whether companies are taking appropriate steps in the event of data misuse and breaches. This is part of the reason 1 in 10 global internet users use ad-blocking software to block companies tracking browsing habits and why nearly 90% of surveyed consumers said they refuse to continue business with any company that doesn't handle data security well.

Unsure if your customers are concerned about data? Consider these statistics:

  • 64% of smartphone users in the U.S. said a brand's data privacy policy is a very important factor to consider
  • 46% of U.S. consumers will buy a product or use a service only if they're sure the company will protect their data and privacy
  • More than 20% of consumers have stopped shopping with a company entirely because the company collected their data without express permission

Consumers prefer to trust their information to and work with companies that only request relevant data, react quickly to suspicious activity, behave proactively about data protection, and don't ask customers or site visitors for too much personally identifiable information. The Pew Research Center found most adults in the U.S. feel powerless over their personal information. Your consumers are seeking reputable companies with strict data privacy and protection standards, and you can meet those needs with a proactive privacy plan.

What you can do right now

The FTC says the five most important things any company can do to protect consumer data are:

  1. Consider all the data you're currently collecting
  2. Scale data collection down to only the necessary information
  3. Protect saved data
  4. Dispose of unwanted or unnecessary data
  5. Create a proactive plan for security incidents

This means you can take actionable steps today to create a safer environment for consumer data.

1. Only collect what you need

You can increase consumer confidence in your company or brand by only collecting the data you need to operate your business and offer the best product or service possible. If removing a piece of data would not alter your operations, there's no real need to keep it. Minimizing the amount of data you collect also puts a smaller target on your organization for cybercriminals, since there is less to access and exploit.

Communicate your data collection plan with your consumers. Let them know what you collect, what you will use the information for, and how it will directly benefit the product or service they're receiving. Give them a choice to opt out of any optional data collection.

2. Conduct regular data audits

Data audits take a close look at all the data your company is collecting, storing, and utilizing, and identify possible vulnerabilities or signs of misuse or unauthorized access. Regular audits, either by an internal committee or external expert, ensure your company is always up to date on the latest security threats and trends and that your data is as safe as possible. You can communicate your plan for data audits to your consumers, so they know their information is in good hands.

Use the information you gain from data audits to reframe employee training and adjust security measures. For example, if an audit shows customer data was breached due to an email-related phishing scheme, plan a training session to keep your team informed about phishing tactics, how to spot them, and how to escalate suspicious activity to the correct department or manager.

3. Avoid data silos

A data silo is a term for storing different types of consumer data in different places, creating "silos" of content not accessible to everyone in the organization. Data silos create the optimal environment for data to get lost, breached, hacked, or misused. They also slow workplace productivity.

One way to avoid data silos is to move your operations to a cloud-based system like the Box Content Cloud. The Content Cloud connects your team seamlessly on a single, virtually based platform to eliminate dangerous silos and implement a stronger, more organized approach to information collection.

4. Have a security plan

A prompt, thorough security plan is essential for protecting consumer data. Start now and create a step-by-step action plan for each department to use if data is breached or suspicious activity occurs. Include regular data backup and recovery methods, so nothing critical is lost.

Your plan should include a method for quickly alerting consumers of the breach or hack and giving them a detailed look at how your company is handling the situation, which information was compromised, and the steps you're taking to rectify the occurrence and prevent it from happening again.

5. Stay informed on your industry and technology

Stay up to date on industry risks, security trends, and other critical information to keep your security systems robust and effective. Some industries, like financial and medical institutions, are more prone to data compromise than others. Attend conferences, read industry newsletters, and utilize employee feedback to adjust processes and conduct ongoing training. Invest in new technology and security software whenever possible and keep those systems up to date.

How Box helps with data protection and privacy

Our Content Cloud keeps your data safe, making it easier than ever to implement comprehensive consumer privacy strategies. All features on the Content Cloud meet and exceed industry standards while abiding by a high-level overview of compliance for common policies, like HIPAA, GDPR, and CCPA. Our region-specific data privacy will help your company operate within local regulations and display applicable privacy notices for how information is collected, used, disclosed, and transferred.

All content stored on our enterprise-grade services undergoes regular security audits and 24/7 monitoring. All collected data is encrypted and backed up daily to an additional facility, so you never have to worry about losing your team's valuable information. Our platform also gives you the flexibility to choose how you dispose of content and what your data lifecycle looks like without interrupting operations. Grant and rescind access to departments or individuals through our secure system, so you can control who accesses which consumer data and how much of that information is visible.

Box Shield, our new, powerful native capability, lets you manually or automatically identify and classify important documents and data to prevent leaks and increase productivity. It gives your team the power of intelligent threat detection to mitigate risks before they harm your company, brand reputation, or consumers.

Learn more about the Content Cloud today

The Content Cloud gives your organization an all-new approach to the way you do business. Every part of your company's operations, from content creation and editing to project collaboration and secure document access, can happen on a single, secure, easy-to-use platform. Streamline your workflow and improve productivity with features like sales management, virtual human resources, engineering tools, and region-specific legal compliance for all your stored data.

Contact the Box team to learn more about the Content Cloud and what it can do for your company, or check out current pricing to see which plan is right for you.

While we maintain our steadfast commitment to offering products and services with best-in-class privacy, security, and compliance, the information provided in this blog post is not intended to constitute legal advice. We strongly encourage prospective and current customers to perform their own due diligence when assessing compliance with applicable laws.