Retail is at an inflection point with consumer privacy, as nearly half of consumers feel they have lost control of their data, according to Deloitte’s US Consumer Data Privacy study, which surveyed 2,000 consumers to gain insights into their concerns about data privacy and their expectations for retailers to protect it.

Deloitte also surveyed 201 retail executives on data privacy to understand how retailers differentiate across a series of privacy tenets. Nearly 3 in 4 consumers (71%) are willing to share personal data if they receive better pricing, special discounts or exclusive offers. And consumers who are satisfied with privacy policies are more likely to be open or neutral about sharing personal data (73%), compared to those who are unsatisfied or unaware (57%).

Today, more than ever, consumers are at a greater risk for a data breach, as one in three Americans has been exposed to a data compromise.  

The vast majority (86%) of consumers believe they should be able to opt-out of the sale of their data.

Consumers are willing to share their personal information in return for benefits to them, but retailers should walk a fine line not to betray consumers’ trust.

Consumer privacy is at an inflection point in retail, with significant business, financial and regulatory reasons for retailers to act now. Not only are consumers becoming increasingly aware of threats to their privacy, nearly half of US states have introduced or enacted new privacy legislation, impacting 54% of the population. In California alone, the California Consumer Privacy Act introduces some of the most stringent regulations and the cost of noncompliance is too high to ignore.

The survey found that 75% of retailers believe regulations will have a moderate to significant impact on their business. However, only 22% have optimally integrated their data privacy plan with corporate and business unit strategy planning. This misalignment could be a significant opportunity, considering 62% of retailers have more than 50 information systems (spreadsheets, customer relationship management systems, email, point-of-sale) holding consumer data in their organization, which increases the vulnerability of their data.

“While some retailers have moved the bar on data privacy, there is still a lot of work to do. The retail industry should advocate for a consumer privacy standard putting consumer centricity at the core and trust as the guide. Transparency with consumers about what you collect and how you use it can go a long way in developing trust,” says Rod Sides, vice chairman and U.S. leader, retail, wholesale and distribution, Deloitte Consulting LLP. “Retailers who focus on consumer privacy as a strategic growth driver are poised to create more meaningful data, enhance consumer engagement and reduce exposure to risk, all while staying ahead of the evolution of privacy in consumer business.”

Amid the challenges evident in the consumer market, there are clear distinctions in performance and lessons to be learned in the way retailers approach privacy.

According to the survey of retail executives, just 32% of retailers are classified as “leaders” in terms of privacy. Leaders are trust-focused and consumer-centric with privacy integrated into corporate strategy. 

“Laggards,” those who had not made privacy a priority, represented 27%. “Adopters,” whose organizations were working to increase the focus on privacy, but at varying focus levels, represented 41% of all retailers surveyed. Retail industry leaders can benefit from becoming data-wise and privacy conscious while striving for a new standard that addresses concerns from both consumers and regulators, the report notes.