Insights from MSI

How Customers Feel about Your Data Practices

Big data has filled marketers’ toolboxes with all kinds of valuable information about customers—demographics, purchase histories, and maps of their travels through store aisles and across the Internet. These digital insights have proven to be a key ingredient for companies to provide customers a better experience and tailored products that are essentially targeted to a market segment of one. In turn, customers reward such merchants with more loyalty and purchases.

But can this golden assortment of digital riches also be a threat? A recent report suggests that customers are much more aware of, and more wary about, the information being collected about them than previously understood, and they are ready to move against companies whose practices they distrust.

The biggest surprise: It’s not just privacy violations that make them apprehensive, but even just the fact that the data is being collected at all.

“In many cases, companies simply possess customer information,” says Kelly Martin, Colorado State University, a coauthor of the study. “They may or may not use it much, and customers may never experience any kind of breach or data misuse event—but we found that customers still reported feeling vulnerable.”

Transparency and control

 Perhaps most valuable to practitioners, the researchers counsel businesses on how to mitigate the problem by improving privacy policies to give customers more transparency and control over how personal information is used.

In “The Dark Side of Big Data’s Effect on Firm Performance,” Martin teams with University of Washington’s Abhishek Borah and Robert Palmatier to gain greater insight into this little-understood corner of the consumer psyche. It’s an area ripe for exploration. Although the literature is full of research on data privacy and security, very little work has been done from the consumer’s perspective. “We wanted to understand that phenomenon better,” says Martin, “so we began our research by connecting the most benign forms of data access to feelings of vulnerability and customer outcomes. Surprisingly, we found that customers reported feeling vulnerable from firms simply collecting their information, regardless of whether and how that information was used.”

In the MSI working paper, Martin, Borah, and Palmatier conducted two studies. The first concentrated on 167 data breaches suffered by 140 public companies and 140 of their closest competitors. (Subsequent research has expanded the number to 414 firms and their rivals.) Stock prices of those firms were charted before, during, and after news of the breaches unfolded. In addition, the privacy policies of those firms were analyzed to determine if a relationship existed between what the policies offered and the amount of damage to share price.

On average, in the first study, a data breach reduced a focal firm’s stock value, or performance, by –.27% and its closest rival’s by –.17%. The bigger the breach, the more was lost in share price. “Our results suggest that data breaches are associated with an average loss of $130 million dollars in shareholder value for focal firms on the event day of the breach, while the data breach erodes about $82 million in shareholder value for the closest rival on the event day of the breach,” says Borah.

The second study used several experiments to better understand the emotional and cognitive experiences of vulnerability users have around personal data. Six hundred participants were surveyed about policy options offering various dimensions of transparency and control. For example, after being presented a hypothetical privacy policy, they were asked to agree or not with the statement: “[I would] bad mouth the company to my friends, relatives or acquaintances.” Respondents reported they would be 13% more likely to switch from and 20% more likely to speak negatively about a firm that captured their personal data, regardless of whether an actual breach had occurred.

Firms with low transparency experienced a 2.4 times larger drop in stock price after a data breach.

The research team turned to an unexpected source to explain why consumers appear to be so rattled by data collection.

Gossip theory describes how people respond to unsanctioned collection, use, or disclosure of personal information, and contends that emotions are especially powerful for driving customer behaviors. “Our experiments showed that customers experienced emotional feelings of violation and cognitive thoughts of reduced trust, [creating] behavioral reactions of lying to a firm, spreading negative word-of-mouth, and switching their business to another company,” Martin reports. This is a significant piece of information for firms that thought only data breaches drove consumer reaction.

To mitigate those feelings of vulnerability, study results showed, companies have a very potent remedy at their disposal: the privacy statement. Companies that made their privacy policies transparent (that is, explained their data collection, use, storage, and protection practices) and provided customers with control (the ability to determine what information is provided, how it is used and which partners may access that data) countered the effects of vulnerability. Users felt much less vulnerable and thus less likely to react emotionally to personal information collection.

“Not only do high transparency and high control reduce the likelihood of customer retaliatory behaviors reported,” Martin says, “they also soften the negative effects when a company experiences an actual data breach.”

Firms with low transparency experienced a 2.4 times larger drop in stock price after a data breach. Firms that offered low control suffered a 3 times larger drop in stock price after such a breach. The worst strategy combined high transparency with low control, which led to 37% worse performance than the low–low condition.

Interestingly, the competitive effects of a data breach were asymmetric. When a focal firm experienced a data breach, the effect on close competitors’ stock price was also negative. However, when the severity of the breach was large, with many customers affected, the effect eventually became positive for competitors’ stock price.

Proceed with caution

Firms spend some $36 billion annually to capture and leverage consumer data. The effort largely pays off. The report cites a McKinsey study reporting that companies that use big data analytics to capture customer and other data can increase their productivity and profit gains by 5% to 6% over competitors.

The research in “The Dark Side of Big Data’s Effect on Firm Performance” can be seen as a sobering wake-up call to marketers. After all, the results suggest any firm collecting data on its users is viewed with a skeptical eye. “Unless a firm collects no customer information at all, they are inducing some level of felt customer vulnerability,” warns Martin.

The good news: Well-designed privacy policies help mitigate those fears and curb retaliatory tendencies. In July 2013, Citigroup suffered a breach of customer data that resulted in a $1.3 billion loss of stock value in a single day. According to the researchers’ analysis, that stock drop would have amounted to only $63 million if its privacy policies were more customer-friendly. “Citigroup might have saved about $1.2 billion had it simply offered its customers high transparency and control,” conclude Martin, Borah, and Palmatier.

The researchers believe there are immediately actionable strategies that companies can take to reduce customers’ feelings of vulnerability: (1) be honest and clear in the use of customer information (i.e., transparency) and (2) give customers some say in how that information is acquired, used, and shared (i.e., control).

“Managerial efforts across these two domains should allow companies to gather customer data while simultaneously reducing their felt vulnerability, mitigating the possible negative performance effects,” Martin says.

Since the release of the original MSI working paper, the research team added a third study with actual customer and firm evaluations that draws an even stronger link to the effects of privacy policies.

“We found that consumers were keenly aware of the extent to which companies are transparent and offer customer control in their privacy policies. Conventional wisdom might suggest customers never read privacy policies and don’t care. Our research shows they do, in fact, have an acute sense of how companies are managing their data, and their perceptions closely matched our independent coding of the company privacy policies,” says Martin.

The authors point out that many firms let their privacy policies be developed by the firm’s legal department with little recognition that these policies have a strong impact on customer attitudes and financial performance. But given how much these policies matter to customers, firms should be spending much more time developing, writing, and communicating them. “This may be an interesting area of opportunity for competitive differentiation,” Martin says.

By Sean Silverthorne

The Dark Side of Big Data’s Effect on Firm Performance
Kelly D. Martin, Abhishek Borah, and Robert W. Palmatier (2016)[Report]

Journal of Marketing, forthcoming

Browse Insights archive


You must be logged in to leave comments. Please login.



Employees of MSI Member Companies enjoy the benefits of complete online access to content, member conferences and networking with the MSI community.



Qualified academics benefit from a relationship with MSI through access to, conferences and research opportunities.



The public is invited to enjoy partial access to content, a free e-newsletter, selected reports and more.



Become a Subscriber

MSI's Online Library of 400+ reports, authored by marketing academics, offers new research and evidence-based insights

Read More

Stay Informed

The MSI Mailing List

Subscribe to our email list to stay informed about upcoming events, news, etc.

Social Media