Data privacy, ethics, and the moving goal posts
According to a recent TRUSTe survey, 92 per cent of consumers worry to some extent about their data privacy, while their top concern is companies collecting and sharing personal information with other companies.
The endless stream of high-profile examples of data breaches – from Snowden’s exploits to what happened to Target, Sony and locally, Telstra – has meant organisations need to take extra steps to allay the concerns their customers have with what data they are collecting, how is it stored, and how is it then used.
Take for example Samsung, which has recently needed to give customers public warnings about its Smart TV product line, that are capable of recording voices and then distributing that data to third parties for marketing and promotional purposes. Samsung claims that far from being an example of “Big Brother-style spying”, the data captured by the TVs is simply used to help improve the quality of service for the customer without recording specific conversations. Nonetheless, it was vital from a public perception point of view that Samsung clarified the specific data that it collects and what it uses it for.
Customers value what corporations can do with their data if it’s used to create a better experience for them. An Accenture study found 49 per cent of consumers would not object to having their buyer behaviour tracked if it would result in relevant offers from brands. What consumers are concerned about is organisations using their data for purposes that serve them rather than the consumer, particularly where this involves third parties.
Organisations need to carefully consider their ethics with respect to customer data. While government legislation is catching up, many decisions around data are left to a company’s discretion. As a result, when it comes to data privacy, a ‘compliance-only’ strategy may not enough to avoid the wrath of your customers and a PR nightmare.
A simple test is to put yourself in your customer’s shoes. How would they expect their data to be used? And if they were aware of how their data was being used, how do you think they would react? It’s important be transparent about how you collect, share and use customer data. Clearly explain that your organisation takes data privacy seriously and describe what you do about maintaining and securing customer data. Obviously it pays to make sure you have a strong data governance practices in place to back up these claims.
Not convinced? In a recent Toluna study, 86 per cent of US consumers said they trusted companies that were transparent about their online data practices, and 75 per cent of these said they would buy more from these companies.
In the US, the Obama administration has been busy pursuing a series of initiatives to safeguard American consumers and families. Included in this is a Consumer Privacy Bill of Rights Legislation, which seeks to ensure online interactions are governed by clear principles that look at the context in which data is collected and ensure users’ expectations are not abused.
Meanwhile, Australian ISPs and telecommunications companies may well need to retain the metadata of their users and information on the way they use the Internet, under a Federal Government national security strategy that is likely to have bipartisan support. Being able to collect and retain this data in a way that is secure and continues to protect their users from malicious hacking is going to be a core ethical concern for the ISPs and telcos in the near future, with Australia’s Privacy Commissioner already highlighting just how much of a minefield this will be with providers being required to retain data in a way that is inconsistent with the provider’s obligations under the existing Privacy Act.
That Privacy Act itself is relatively new in Australia, with the Government strengthening laws around retention and response to breaches in March 2014. There are still organisations that would struggle to meet these regulations, despite the requirements being in most cases common sense ethical obligations.
For example, the new privacy laws mandate that the collection of sensitive data such as health and criminal records can only occur with the express permission of the individual. This should not need to have been mandated; organisations should have already respected such as an ethical obligation.
Because the way organisations can capture and use customer data is in a state of constant flux, the ethical obligations around data usage are constantly moving goal posts. But they are worth keeping on top of. Data is valuable and if it’s collected and used ethically, your customers will appreciate you for it.