Born-digital businesses that relegate digital ethics and data privacy to the back seat in favor of driving fast growth could end up crashing and burning instead of enduring.

This article is part of our Born-Digital study, where AlixPartners set out to research born-digital companies' unique blend of strengths and challenges and identify the most pressing needs and areas of focus needed to sustain their success.  See all the articles in our series here.

“Most culture statements or value statements end up sounding very banal and very similar. Ultimately, it's not about what’s publicly stated. It’s about what’s publicly rewarded.”

—C-level executive of a born-digital company

 

PRIORITIZE DIGITAL ETHICS

Driving fast growth has come to define many born-digital businesses— and the transformative disruptions they leave in their wakes—compared with their born traditional counterparts. The tech-start-up mantra ‘Move fast and break things’ says it all. By getting innovative products to market at breakneck speed, born-digital companies have birthed brand new, multibillion-dollar industries.

But in their pursuit to define the next big product category or reach the next big customer segment, many born-digital enterprises have not prioritized certain topics related to digital ethics and data privacy. As a result, they risk unwittingly facilitating unethical (and sometimes even illegal) behaviors in their management ranks, workforces, and users.

Events during the COVID-19 pandemic have shown how quickly digital ethics can take center stage. Take video conferencing giant Zoom. The company had to scramble to restore its reputation after cybersecurity glitches erupted while usage of the technology soared during the COVID-19 pandemic. Additional examples include questions that have arisen about how to balance individual data-privacy rights against public health. The use of technologies to facilitate contact tracing or to track people’s movements to see who’s following shelter-at-home orders are just a few cases in point. And with many more people working from home and the possibility that remote work will persist long into the post-pandemic era, employers and employees alike wonder how much visibility a company should have into employees’ actions at home.

Given these new realities, born-digital businesses will have to work even harder to excel at digital ethics and data privacy—if they hope to mature into market leaders. Keys to success will include putting digital ethics and data privacy at the center of product and service design, closely monitoring and rigorously complying with changing regulations, and managing data in ways that benefit customers and employees as well as the business

PUTTING DIGITAL ETHICS AND DATA PRIVACY AT THE CENTER OF PRODUCT DESIGN

Born-digital companies have to be nimble so they can drive changes in or swiftly adapt to customer expectations. But to build a company that lasts, leaders must also establish digital ethics and data privacy protection standards through consensus. That way, people throughout the organization understand what’s expected, and they feel accountable for adhering to those standards. These standards define expectations on multiple fronts:

  • Access to private data
  • Use of data
  • Accuracy and completeness in the collection of data about individuals or organizations
  • Data subjects’ legal rights regarding access to and ownership of their data
  • Rights involving inspecting, updating, or correcting data

Company leaders should also encourage wide adoption of the established standards throughout their organization. Doing so sends a clear message about which behaviors are acceptable—and which are not.

Equally important, the standards focus managers’ and employees’ attention on supporting the company’s long- term objectives, such as developing products that meet requirements related to transparency and trust. With customers paying more attention to data privacy than ever before, companies should put digital ethics at the core of their product or service design, rather than treating it as merely an add-on or a compliance measure.

Privacy by design principles can help companies proactively meet this imperative. What’s more, these principles reduce any temptation to cut corners to reach short-term goals, such as releasing a new product without proper security measures in place to accelerate speed to market. The discipline that digital ethics and data privacy standards encourage can help companies avoid the kinds of problems that have blindsided more-careless enterprises.

"A company’s culture—like an individual’s character—is defined by how executives, managers, employees, and teams behave when others aren’t watching."

NAVIGATING DISRUPTION STEMMING FROM REGULATION

It’s no surprise that to stay ahead in their fast-changing markets, born-digital companies must keep investing in technology and proactively monitor their competitors’ moves. But technologies and competitors aren’t the only disruptors companies have to worry about. We’re increasingly seeing warning signs of a different type of disruption: regulation.

Even now, regulators haven’t yet fully outlined the rules of the digital-business game. Born-digital exemplars have been operating in gray areas for a while. In the latest digital industries, products have been so novel that sometimes there are no pertinent regulations in place at all. Uncertainties around regulation related to social media censorship is an apt example.

This situation may in part explain why born-digital respondents in our study prioritized innovation, customer focus, and creativity—values focused on growth and products—over ethics- related values like social responsibility and accountability.

But the regulatory winds appear to be moving away from self-regulation and toward more oversight and governance. The upshot? Born-digital companies must closely monitor such developments and then define their own internal best practices for complying with digital ethics and data privacy legislation as it emerges and evolves.

MANAGING DATA FOR MUTUAL BENEFIT

As more and more businesses have shifted from the physical to the digital world, consumers have grown comfortable with sharing data about themselves to get the products and services they want. But they’re also increasingly demanding to know more about what data companies are collecting from them, how organizations are using the data, and who is accountable if the data gets used for nefarious purposes. Employees are asking such questions, too.

Laws around those issues have proliferated—most notably, the European Union’s General Data Protection Regulation (GDPR), which many observers say best embodies the current global standard. The GDPR was one of the first regulations to garner international media attention by including significant consumer protections, such as the right to access one’s personal data and the right to be forgotten (by requesting erasure of personal data). In the United States, the California Consumer Privacy Act goes beyond the GDPR in its definition of personal data to include information at the household or device level, as well as data derived from information given to create an individual’s profile that reflects characteristics like a consumer’s preferences, behaviors, aptitudes, and psychology.

Such changes have shifted the burden of compliance to private companies. And that presents new challenges for enterprises in all industries.

To overcome these challenges, born-digital businesses must move from digital ignorance to digital enlightenment—including forging a quid pro quo relationship between themselves and their customers and employees regarding data.

Insights from regulatory shifts can help. For example, born-digital companies can incorporate into their data management practices two tenets that are becoming widely adopted by global privacy regulations:

  • Minimization: Collect and retain only the minimum amount of data needed for an intended purpose.
  • Proportionality: Ensure that the data collected is proportional to the scope of services being offered.

To illustrate, for a personal health and wellness app, data collected should be limited to only that relevant to personal general health, such as age, gender, and diet. It should not include information on a user’s complete medical history.

In addition, companies must follow transparency and disclosure rules. For example, they cannot link customers’ personal details to disparate data sets, use those details for marketing purposes, or sell the information to a third party without adequate disclosure and consent.

HOW TO PREPARE FOR THE CHANGING LANDSCAPE

For many born-digital businesses, attending to digital ethics and data privacy may not seem nearly as exciting as driving topline growth by launching hot new products. But companies that embrace this effort can set themselves apart from their less-stringent rivals—including recovering more quickly in the post-pandemic era and scoring strong returns on investment through savvy risk mitigation.

How to start achieving those advantages? Explore these crucial questions. Company-wide engagement on these questions can help ensure that everyone understands what’s expected of them and that those who demonstrate the right behaviors get rewarded, not punished:

  • In what ways might the pandemic’s impacts permanently change how we manage digital ethics and data privacy?
  • How will rapid growth affect key elements of our culture, such as whom we hire, what products and services we offer, and where we operate?
  • What commitments can we make to our stakeholder community—customers, employees, investors, regulators—with regard to digital ethics and data privacy?
  • In what areas of digital ethics and data privacy can we anticipate regulatory changes, and how can we proactively design our processes to meet them?
  • What ethical and privacy standards will our customers expect us to adhere to three to five years from now, and how well positioned are we to meet those expectations?

LEADERS’ TAKEAWAYS

  • Assess the degree to which people in your company prioritize fast growth over attention to digital ethics and data privacy.
  • Take stock of your company’s current digital ethics and data privacy policies and standards, and identify potential gaps
    or weaknesses that should be addressed. For example, implement privacy by design principles, and adhere to the tenets of minimization and proportionality in collecting and managing customer and employee data.
  • Create opportunities for managers and employees to candidly discuss questions like which behaviors are acceptable and not acceptable, how regulations related to digital ethics and data privacy are changing, and what those changes imply for the ways in which your company operates.

Want to continue the conversation? Contact us.