NHS more trusted with personal data than private sector

The private sector could learn from the NHS and the rest of the public sector when it comes to inspiring trust among consumers over personal data.

The third and most recent Data Nation report from Deloitte shows 60% of respondents are most trusting of public healthcare providers and 51% of other public sector organisations.

By contrast, 31% trust social media companies with their data, 34% trust telephone companies and internet service providers, and 39% are “least concerned” about having banks and credit cards companies having their personal data.

And yet the public sector has reported many more data breaches to the Information Commissioner's Office.

Thirty-six percent of the incidents reported to the ICO between April 2013 and March 2014 were from public healthcare bodies, noted the report, with 27% from the rest of the public sector. By contrast, 6% were from retail banking, 2% from telecoms, media and technology, and 1% from retailers. Education (8%), professional services (6%), non-profit (4%), and other sectors (10%) accounted for the rest.

Harvey Lewis (pictured), data analytics director of Deloitte, said: “The public good aspect explains the greater trust in the public sector, and the personal benefit you get. I know what I’m getting back from my GP and hospital, so we are more inclined to trust them."

The Data Nation 2014 survey was carried out in the UK by Ipsos MORI in April 2014, on behalf of Deloitte, using face-to-face interviews among 2,025 people aged 15 and above.

“What has not changed in the three years we have carried out this research is the low levels of confidence that people have in organisations using their personal data. That is between 20% and 30%," said Lewis.

“We would like to shift the debate to understanding why there is a lack of trust. Those who show high levels of trust benefit themselves and the organisations they transact with," he said.

“There are three ingredients for organisation to do this well: transparency, delivering personal benefits that are tailored, and giving consumers and citizens back control to ensure their data is up to date.

“Of those three, the data shows individuals’ getting personal benefit is the factor that will significantly increase confidence levels."

Forty-seven percent of respondents were willing to trade their personal information to save money on products or services; 46% to improve products and services; 42% to meet personal goals and 39% to get personalised products or services.

Consumer data

“Wearable technology is hitting its niche here,” said Lewis, “people wanting to lose weight, and so on”. And social media companies who treat personal data well could enjoy success from users whose trust they have gained, he added.

However, the report noted that 38% of UK consumers admitted lying when giving personal information, and that figure rises to 50% among 18-24 year olds.

"Companies need to work harder to understand their customers," said Lewis. 

"Not giving the correct information could be a sign that you should not send them offers. Or at least make clear why you are asking for certain information, especially if it is not required, so that the choice is informed."

He gave the example of being asked to present a boarding pass when buying a non-duty free item at an airport.

The survey found 63% of consumers lack faith in companies’ ability to keep their personal data safe. It would also take a person 44 hours every year to understand the privacy policies of the top 100 websites visited by the British public – last year, the number of hours was 31. 

“It would have been nice to see that number come down, but it hasn’t. The sectors that do a good job of writing clear privacy policies are the media and the public sector," said Lewis.

Deloitte found that it takes 26 minutes to read the privacy policies of the top 100 websites used by British web users.

Peter Gooch, a privacy leader at Deloitte, said: “Companies should make the privacy policies easier to understand by using everyday, clear language.  People do care about what’s being collected about them, so organisations need to look at how this information is provided and go beyond simple legal compliance. This could be through using abridged notices to highlight the most salient points, while linking to full policies, or developing microsites that clearly explain how and why information is collected and who it is shared with.”