The average person’s interest in protecting their personal privacy has evolved over time. One could argue that during the early 2000s, the average person breezed through a privacy policy, handing over all sorts of personal data for access to the coolest, latest, most talked-about app—and many still do. But the 2012 story detailing how Target could determine that a customer was pregnant and therefore send baby-related ads freaked out a lot of shoppers. It was an early mainstream revelation on just how much information is out there and how easy it is for others to tap into that data. Yet, despite initial shock, horror, outrage or dismay, it didn’t cause a radical change in consumer behavior

In 2018 things changed dramatically. The Cambridge Analytica scandal coupled with a massive surge in data breaches kicked off a substantive conversation over exactly what companies were doing with personal data. Governments got involved, with Europe’s GDPR and California’s CCPA that sought to provide increased transparency and control over how businesses collect and process personal information. People started to ask more and more questions about their privacy and in many cases, people didn’t feel like there was recourse they could take. However, this month’s mass exodus from WhatsApp to Signal over a changed privacy policy proved that’s not always the case.

Privacy torchbearers

It would be easy for businesses to approach this privacy-focused era with concerns about how it will impact profit margins, yet we are seeing that brands who lean into privacy can win. We’ve come to a point where people have choice and are much more savvy about what they want when it comes to their privacy.

Signal places an “unexpected focus on privacy” according to its website. It has always been transparent about the few ways it may need to use and/or share personal data, so people trust the app. By contrast, WhatsApp recently announced an unpopular update to its privacy policy—one that allowed numerous data points to be shared with businesses and third-parties its users were affiliated with, expanding on previous sharing capacities that had been in place since 2016. If users didn’t agree with the policy change, their accounts would be deleted. This did not sit well, and some WhatsApp fans jumped ship, turning to Signal.

Dyson is another example, albeit an unlikely one. The company’s privacy page makes it clear that privacy is a priority: The first thing you see is a commitment signed by their CEO about privacy, followed by a beautifully designed policy that precisely outlines what information Dyson collects, why, and how the company protects consumer’s rights. Dyson clearly put just as much thought into designing an intuitive privacy page as it does into building its gorgeous products.

More than a pretty privacy policy

The success of these businesses reveals that startups can no longer put privacy off as an afterthought. Businesses know more about customer habits than ever before, yet in order to win, they need to be up front with how that data is used, stored, and shared—not only because of emerging privacy regulations, but to also maximize profits.

According to a study from Cisco, “Most organizations are seeing very positive returns on their privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend.” On average, businesses are seeing a return of $2.70 on every dollar they spend on data privacy.

To achieve these returns, young companies should look to the examples of Signal, Dyson, and Plume. A great first step is simplifying a privacy policy with language the average person can understand. Back in 2019, the New York Times evaluated more than 150 privacy policies and found “they were an incomprehensible disaster” and that the “vast majority of them exceed the college reading level.”

However, privacy can’t be fixed with a pretty privacy policy. It requires cross-functional teams hashing through the details of what’s collected, why, and how it’s used and stored. Often these aren’t fun conversations because there are competing priorities across the organization. That’s where strong leadership and an organization-wide understanding of a company’s approach to privacy are critical. The ideal scenario would be a centralized program that ensures privacy mandates are woven throughout the fabric of the entire organization. Without that, employee and customer trust can be lost.

As we look ahead, easy-to-use (and understand) privacy will increasingly become a standard that consumers expect. People will demand brands to have a “Privacy Center” where they can change settings and trust that they achieved what they set out to do with just a few clicks. Companies that proactively embrace privacy to add value to their brands and build trust with their customers will be the undisputed winners of this new era.

Daniel Barber is the CEO and cofounder of DataGrail.