Bridging the Trust Gap: The Hidden Landmine in Big Data

By John Rose and Alexander Lawrence

This is the first in a series of articles exploring what really matters for organizations that collect and use consumer data.

Big data has the potential to be both friend and foe. The Boston Consulting Group conservatively estimates that trusted uses of big data and advanced analytics could unlock more than $1 trillion in value annually by 2020. (See “The Value of Our Digital Identity,” BCG article, November 2012.) However, recent BCG consumer research has uncovered a previously hidden obstacle to successfully unleashing this enormous opportunity: data misuse.

Data misuse does not refer to a use of data disclosed in an agreement that no one reads when signing up for a credit card, mobile phone, or social media service; it is not even about whether a use actually causes harm to consumers. Data misuse occurs when consumers are unpleasantly surprised upon learning that data about them has been collected or that it has been used in new ways—that is, outside of the original purpose for which it was gathered—and when they perceive such practices to be potentially harmful and feel that the company should not engage in them. (An example would be when a company originally collected data in order to complete a transaction or ensure that potential customers are good prospects but is now using it for marketing purposes.) Our research suggests that consumers’ reaction to data misuse—defined in this way—can cause them to reduce their spending with a company by about one-third.

Executives will not mitigate data misuse by writing even longer and more complex legal documents for consumers to ignore, or by working even harder to ensure that companies don’t run afoul of regulations and legal agreements. Instead, company leaders at the highest levels must develop new ways to manage and use data, rather than confining the discussion to legal or IT, as it is at most companies. Even organizations that use data for completely legal and fully disclosed reasons are on a collision course with their customers. The steps companies take now to assess and address this risk will confer significant, long-term, and sustainable competitive advantage and head off the looming threat to their earnings performance.

The Weakened State of Consumer Trust

Issues of privacy and trust continue to be at the top of consumers’ minds. In fact, feelings about these issues have intensified over time. When we surveyed consumers across 20 countries and multiple generations in 2013, it was clear that they all cared deeply about the expanding use of “their” data. (See The Trust Advantage: How to Win with Big Data, BCG Focus, November 2013.) For instance, in every generation and in most countries, consumers were five to ten times more likely to share personal data with an organization if they trusted that the data would not be used to harm them. Moreover, 83% of US consumers agreed that they needed to be cautious about sharing personal data online—again with only small differences across generations and across most of the countries surveyed.

A new BCG survey of 8,000 consumers in the US and five European countries shows that these concerns remain at high levels in most product and service areas. Consumers who say they are concerned about the sharing of personal data online increased slightly from 83% to 86% in the US. Four out of five US millennials are similarly concerned. Consumer willingness to allow companies to use data in new ways remains roughly five to ten times higher among those who trust a company to prevent harmful uses than among those who do not.

Of greater concern, nearly half the consumers we surveyed believe that companies are neither being honest about their use of data nor taking adequate steps to protect it. In fact, only about 20% of consumers across all the countries surveyed trust companies to “do the right thing” with their data, and approximately 30% across all the countries surveyed believe that companies will not do the right thing. This is particularly troubling given that 71% to 79% of the surveyed consumers said they would be unlikely to share or let data about them be used by a company they did not trust.

Because consumers are already skeptical that companies will be honest about, protect, or otherwise do the right thing with existing uses of data about them, they are primed to view most new uses of data with significant distrust—and, even worse, as probable misuses.

The Cost of Crossing the Line

Companies face a hefty penalty for doing the wrong thing with consumer data. They lose access to five to ten times the data they could have used had they excelled at creating trust. What’s new from our recent research is the real revenue impact of that loss of trust.

Consumers are now demonstrating that they will “vote with their feet”—stopping or significantly reducing spending—if they believe that a company has misused data about them or other consumers. As noted, this can have dramatic results: in the US, customers who are aware of and concerned about a data misuse reduce their spending by about a third in the first year. Overall, that means a 5% to 8% loss of total company revenues in the first year after these customers have stopped or reduced their spending, dropping to a 3% to 5% loss in year two. (The overall revenue loss is a function of the much larger size of the total user population.) However, as consumer awareness and concerns increase, we believe that data misuse has the potential to cut overall revenues by 10% to 25% in year one, dropping to 5% to 15% in year two. While differences exist between the US and the European countries surveyed, the potential revenue losses are comparable.

This consumer reaction to data misuse is significantly greater than the reaction to data breaches or other cybersecurity events. In fact, 25% more US consumers have reacted to a data misuse than to a data breach by stopping or reducing their spending.

The impact of data misuse on a company is a function of several factors:

  • The Size of the Population Affected. Our survey suggests that 20% of US consumers believe they have been affected by data misuse. This group comprises 14% who are aware of a misuse involving data about them (those “directly affected”) and 6% who are aware of a misuse involving data about other consumers (those “indirectly affected”). (See Exhibit 1.) We expect this combined population to significantly increase over the coming years.

  • The Behavior of the Affected Population. Of those surveyed in the US who believe they were directly affected, 76% took some sort of action: half cut their spending by 56% on average; the other half stopped using the company’s services entirely. Combined, the actions of these two groups of directly affected consumers led to a 33% drop in the company’s revenues in the first year. Of those indirectly affected, 71% took some sort of action: three-fifths reduced their spending by an average of 48%, while two-fifths stopped using the company’s services entirely. The actions of these two groups of indirectly affected consumers led to a year-one reduction in spending of 30%.
  • The Passage of Time. By the end of the first year, many of the consumers who had abandoned the company returned, reducing the impact in year two. In the US, only 8% of the reduction in revenues resulting from the actions of the directly affected population, and 7% of the reduction in revenues resulting from the actions of the indirectly affected population, endured past the end of year two. (See Exhibit 2.) By year three, we would expect the balance to be restored—assuming the company does not again misuse customers’ data.

  • The Geographic Area Affected. This is not a geographically isolated phenomenon. As noted above, companies experience similar levels of economic damage from data misuse in the US and Europe. More than one-third of revenues from directly and indirectly affected consumers will be lost during the first year, with the reaction slightly harsher in Europe than in the US. About one-tenth of revenues from these consumers will be lost during the second year, with differences between Europe and the US beginning to level out. (See Exhibit 3.)

Why the Cost of Crossing the Line Will Increase

A worrisome trend—and one that will increase the potential impact of data misuse—is the increasing attention that the phenomenon is receiving in traditional and social media. One example is the uproar that greeted Uber’s disclosure of the uses of its “God view” capabilities. This software functionality allows the company to track the location of drivers in real time and tie that data to their passengers. While the feature can be seen as relatively benign in the context of fleet management, many considered Uber’s internal data-sharing practices to be an invasion of privacy (there were even allegations that Uber had broadcast the data on giant screens at parties in cities where it was launching a new service). It is worth noting that much of Uber’s collection and use of data has been within the bounds of both the law and the company’s privacy policy, as is the case with many perceived incidents of data misuse.

As coverage of data misuse becomes the new normal in traditional and social media, the number of consumers who become aware that data about them is being collected and used in new ways, who consider those uses to be potentially harmful, and who feel that companies should not engage in such practices is likely to increase—and with it the economic impact of any spending reductions that consumers may make in response.



Few companies see the landmines that are looming under the surface of their attempts to use data in new ways. They overlook these risks because their focus is on data privacy—a necessary requirement in an intense and rapidly changing regulatory environment. In the process, however, they are overlooking the needs of their customers, who define data misuse on the basis of their perception of right and wrong, not on the basis of regulatory rules or legal agreements. Make no mistake, this strategic blindness will lead to a painful loss of revenues and customers.

As we will discuss in the next article in this series, most companies are poised to fail in their pursuit of new data uses. In fact, they have set themselves on a recklessly conservative path, which is leading them to unnecessarily limit their own opportunities while at the same time ensuring that they act in ways that engender the negative consumer reactions they hope to avoid. By focusing privacy and data stewardship practices on the regulations and guidelines that have arisen around big data and advanced analytics—many of which were designed to protect consumers—companies are creating a gap between themselves and their customers. The economic harm that is likely to result is something that few if any C-suite executives can afford to disregard.

Instead, companies need to fundamentally change their approach to data stewardship. They can build consumer trust by making significant improvements in the four main dimensions of robust data stewardship: internal policies and practices; current and new data usage; transparency about current practices; and usage-specific notification and permissions. Adopting best practices in these areas will not only help companies avoid the pitfalls of perceived data misuse but also enable them to expand the range of opportunities they can pursue. Ultimately, companies will foster a broader and deeper level of consumer trust.

Next up: a detailed examination of current business practices and the disconnect between consumers and companies over data privacy.