Senior Director – Intellectual Property & Innovation Policy, Canadian Chamber of Commerce
Scott Smith, of the Chamber of Commerce, emphasizes the need for transparent public dialogue on cyber resilience.
Without customers, no business would survive. Violating customer trust and loyalty by stepping outside of what customers expect will inevitably harm the relationship between a business and its customers. Today, there’s much greater understanding of the power of customers among businesses, and it can serve as a built-in, self-regulating motivation that drives responsible corporate behaviour. Customers respect and value a company that provides them with consistent and good experiences. These actions earn and build customer trust.
Cyber breaches like Equifax’s in 2018 and Capital One’s last August significantly damage consumer trust in the digital economy because they impact real people. Interestingly, the immediate reaction in the public discourse is to blame the companies involved for violating consumer privacy. The reaction when governments or elections are hacked, however, places the onus squarely on the hackers. Why is there a double standard in public opinion? The truth is complicated, it seems.
More and more, consumers are demanding improved consent requirements to prevent the individual and severe penalties for companies that fail to secure personal data. However, we’ve learned that more consent doesn’t equal more privacy. Equifax and Capital One were the victims of cybercrime, and penalizing those companies for a failure of security safeguards only increases the cost of doing business and the price of goods and services for consumers. It seems that no one wins in the current environment.
We need a more fulsome and transparent public dialogue on cyber resilience.
We need a more fulsome and transparent public dialogue on cyber resilience. Investment in skills and training will help. Better enforcement, with massive penalties against those who perpetrate cybercrime and enforcement resources to go after bad actors, will also help. But the real solution for Canada is to build a world-leading cybersecurity solutions industry. Providing policy and financial incentives for business to invest in new technologies like artificial intelligence and quantum computing will be far more effective than adding new consent requirements for the collection of personal information.
Getting back to the almighty consumer, the business community didn’t waste any time dealing with the rising threat. Industry responded with changes in practice guided by organizing principles and codes of practice, like the International Chamber of Commerce (ICC) Advertising and Marketing Communications Code. Industry has also evolved its response to data breaches, implementing new protocols for cybersecurity and sharing cyber threat information through organizations like the Canadian Cyber Threat Exchange (CCTX) as a means of improving on meeting customer expectations.
As the old saying goes, the consumer is always right, and businesses will follow their lead. And industry always moves faster than government or policy. In the debate on hacking, let’s keep our focus on the consumer, and the blame on the hackers.