According to PwC, only 30% of US consumers trust brands (the lowest since 2016). Interestingly, though, the same research found that 90% of executives believe consumers trust their company. This 60-point gap suggests brands have a lot of work to do in 2025 — both in understanding why their consumers mistrust them and in solving the persistent lack of consumer confidence.
The journey toward restoring customer trust must begin with more secure data practices. According to Statista, 66% of consumers would trust brands more if they were transparent about their reasons for collecting personal data, and 55% would be more trusting if companies only collected necessary data.
Let’s unpack why data privacy is such a sticking point for consumers and outline how companies can fortify their data security in 2025.
The risks of insecure data collection
Of 1,100 companies Cybernews reviewed in October 2024, more than 68% had experienced a recent data breach. According to Verizon research, third-party vulnerabilities are becoming one of the most common causes of such breaches — and they are causing serious consequences for both consumers and businesses.
For instance, in March 2024, a data breach exposed 75 million AT&T customers’ personal phone records and text messages to bad actors on the dark web. Meanwhile, many companies continue to make headlines for intentionally sharing sensitive consumer data with third parties, without consumer consent for such practices. Stories like these are so frequent that many consumers have begun to distrust brands’ security policies and protections to a fault.
The consequences of insecure data collection and sharing go beyond lost trust. Meta was recently fined $263 million for data security failures that exposed the personal data of 29 million users. And that’s certainly not the first time Meta has faced backlash — and significant fines — for a General Data Protection Regulation (GDPR) violation. Over time, insecure data collection standards leave businesses with a hefty bill.
How to fortify your customer data pipeline
Although marketers are not in charge of maintaining an organization’s cyberdefenses, they can still help protect consumers from data leaks by following some basic data security guidelines.
1. Implement data minimization techniques to collect only essential information
Bad actors cannot obtain data that doesn’t exist. Thus, the best way to protect consumers is to minimize your data collection, ensuring that you only collect information that is truly valuable to your marketing efforts.
In many ways, the digital era has encouraged over-consumption. Consumers spend a jaw-dropping 400 minutes per day browsing digital channels. Browsing habits create data that contains compelling information — and with the advent of AI, we can understand larger amounts of this data than ever before. However, just because we can collect data doesn’t mean we should.
Review your first-party data collection methods, including post-purchase forms and account sign-in details, to ensure you’re not over-collecting. For example, while a name and email address are vital, you may not need a user’s birthday.
Minimizing data collection practices has benefits beyond consumer trust. By collecting less data, you’ll reduce the need for costly cloud storage. So, think of data minimization as both an investment in customer trust and a cost-cutting measure.
2. Leverage privacy-enhancing processes and technologies for secure data collection and processing
You need to collect and handle data securely throughout its lifecycle — from the very moment of collection to expiration/deletion. You can protect consumer data with the following measures:
- End-to-end security: Third-party data collection methods are often opaque and inconsistent, creating potential risks for data leakage and compliance issues. Even widely used tools like Google Tag Manager have come under scrutiny for enabling third-party tags to collect and transmit user data without full transparency. Recent research has specifically highlighted concerns with platforms like Pinterest and Facebook CAPI, where website owners may be unaware of the extent of data being collected and shared downstream. In some cases, publishers don’t even have access to the very data being extracted from their own sites. By shifting to server-side tag management, businesses can take back control, ensuring that data collection is secure, transparent, and aligned with their privacy policies—eliminating the risks of hidden third-party data practices.
- Data processing sovereignty and regional deployments: Single-tenant architecture ensures your data is never co-mingled with that of other organizations. This setup, whether deployed on a private cloud or as a platform-as-a-service, provides a first-party data collection tool that unlocks powerful marketing, analytical, and ad-tech capabilities. Additionally, with geographic flexibility, enterprises can control where their data is processed down to the server region, aiding in compliance with regulations like GDPR and reducing server latency.
- Encryption: Encrypted data is more difficult for bad actors to decipher because it blocks any identifiable information with an anonymized hash or cache number. It’s a good idea to encrypt any sensitive consumer data you store.
- Role-Based Access Control (RBAC): Although hackers are becoming more prolific, internal data breaches are also common. RBAC protects against such vulnerabilities by ensuring that only authorized users have access to certain data. It can also help contain the damage in cases when hackers gain control over an internal user’s account.
3. Establish robust consent enforcement mechanisms to ensure compliance and user control
Collecting consumer consent isn’t a one-time exercise. To properly enforce consent, you must adopt systems that bind customers’ consent preferences to any data they submit. Doing so ensures that this data is never mislabeled or misunderstood while in transit (especially if you share that data with third-party partners). Data processing and routing tools are an excellent option for accomplishing this.
Once you’ve established robust consent enforcement policies, you’ll want to display them prominently on your website. McKinsey research shows that 85% of consumers feel better about a company when they showcase clear and easy-to-understand consent processes. Ensure that your customers can understand and appreciate the steps you’ve taken to protect their data.
Consumer trust is more difficult to win than ever before. However, that doesn’t mean businesses should give up on the challenge. By prioritizing consent enforcement mechanisms, leveraging innovative technologies and processes to improve data security, and implementing data minimization strategies, digital marketers can protect data privacy and re-capture consumer trust in 2025.