VP of Privacy and Security,

What’s important when building a new business? A good idea is vital, obviously, plus the right people, hard work, experienced investors, and so on. Building trust is important, but probably far down the list. It’s not that trust isn’t important, it’s just likely to be put aside while working on tasks that are perceived as more time-sensitive or of a higher priority, especially those which directly and noticeably impact the bottom line. Ensuring that people trust a business can come after there’s a business to trust.

What about when that business becomes a scaleup? What about when it grows and eventually IPOs? At some point, a business will have to consider the notion of trust, both externally and internally. But it’s tough to do this when decision-makers are focused on creating a profitable business that meets investor expectations. Yet, is it possible to ensure a business is trusted when it hasn’t been built with that as a priority?

Trust is More Than Compliance

The way businesses build and scale today makes customer acquisition and reaching profitability prime concerns, and that can mean trust is left behind. To be clear, this doesn’t mean that businesses set out to be untrustworthy or that they are in any way underhanded—being trusted and deserving trust are separate. But by not embedding trust from the very beginning, there is a risk that trust is reduced to an afterthought, rather than a way of doing business.

Unfortunately, that’s how many businesses treat trust. Compliance departments are created to ensure businesses follow the law and that their processes meet all their regulatory requirements. This is standard practice, of course, and no business should be without such a department and its oversight. But being compliant and being trusted are two different things, and they shouldn’t be confused.

Consumers don’t always see compliance as a reason to trust businesses, it is simply a symbol that they are doing what they should be doing. More is needed to engender trust.

One way to think about trust is that it can accrue debt, just as software development can accrue technical debt. If code is delivered with speed in mind, then some best practices will be missed—the code may have bugs, be inefficient and lack documentation. Building on that code only makes the problem worse. At some point, there will need to be a time-consuming project to refactor the code and fix any underlying issues, and the time to complete this will increase with the longer it takes to prioritize. Similarly, if businesses do not think about trust from the very beginning, then embedding trust in everything they do becomes a herculean task.

Why Build Trust

It’s all very well saying that businesses need to build trust from day one—but why?

Trust drives employee and customer retention, positive word of mouth, and builds your reputation as worth doing business with. A trusted business trying to upsell will always be more successful than one regarded with suspicion. Everyone who enters a car dealership for the first time does so with their guard up, as it’s an industry with a reputation for needless upselling and a slippery relationship with the facts. However, those who treat their customers with respect and transparency will likely gain repeat business.

Trust as a corporate value is a winning strategy that can lead to long-term success, and it’s an important part of any customer-focused organization. For our purposes, it means putting privacy and security above almost all else.

For example, a big decision any organization that deals with customer data must make is whether it will sell that data. It can, after all, be a fast track to profitability. While Facebook is first and foremost a social media site, it is also an advertising platform that can target hyper-specific markets using its data. This has been incredibly lucrative for them, but it does come at the cost of trust. People get suspicious when they are advertised products they were recently discussing near their phone or smart speaker, but this is more likely due to smart targeting than anything more nefarious. However, the lack of trust (people know Facebook sells their data) means that they’re likely to think the worst.

This applies more widely than social networks. Any business with data can ask for permission to sell it for revenue, but it’s important to ask why they are doing it. It’s a valuable resource in the short term, but trust is more valuable in the long term; swapping one for the other may not be prudent.

How to Build Trust

Rather than relegating trust initiatives to a business unit that treats trust as an add-on, businesses should rethink compliance so that it is a part of every policy. These policies then become procedures that can be audited, thereby making trust automatic. If there is one way of doing something, there will be no shortcuts, and as an added benefit it will be easier for staff to learn, eliminating mistakes that happen with exceptions.

The best way to foster a trust-centric culture is through two methods, which are within reach of most organizations:

  1. Achieve, and maintain, industry certifications such as SOC 2 at a minimum, as well as PCI, and ISO 27001 for building a trustworthy image internationally. This allows you to tell customers, “Don’t take our word for it, take our auditors’ word.”
  2. Create a trust center on your website that communicates everything you are doing to espouse your customers’ trust. It should include, at a minimum:
  • Privacy policy and any privacy laws you comply with (e.g. GDPR, CPRA, PIPEDA, etc.)
  • Terms of Service
  • External audit information
  • Whether or not you sell data and why. (If you do sell data, provide an explanation of your opt-out policy, though it is best practice to migrate to a company-wide “we do not sell customer data” position and then advertise that position.)
  • Data retention details
  • Description about the security measures you take
  • List of sub-processors (vendors) and information about your processing activities
  • Transparency and abuse reports
  • Contact information so customers can ask additional questions

Creating a trust center provides an added benefit: It allows existing and prospective customers to self-service their data requests and enables an organization’s sales and support teams to point to public documentation, thereby reducing their workload.

Ultimately, building a company based on trust means swapping short-term gains for long-term success; it means higher employee productivity, better customer relationships and, over time, greater profitability. And like technical debt, the best time to address the problem was when it first arose, and the second-best time is now.