By Nicholas Knoop, Senior Manager, Corporate Counsel & Head of Privacy and Data Protection at HubSpot
Data is one of the most valuable assets for modern companies. It can be used to gain competitive advantages across an organization — from identifying pain points to solve a customer problem, to informing new product features, to driving diversity, inclusion, and belonging initiatives — and there are countless ways to use data to help both your customers and your business grow.
Using that data comes with some risk, however. There’s no shortage of headlines these days about companies misusing data or failing to prevent a breach, and the most damaging risk in these scenarios and others is the loss of trust. And, with global data creation expected to reach 180 zettabytes by 2025 (that’s 21 zeros), the level of risk grows, as does the imperative to manage it with the right protective measures. As the leader of our privacy and data protection team at HubSpot, I spend a lot of time thinking about how we can protect and learn from data without abusing it.
For a company to earn the trust of their customers it must handle their data ethically. In the words of Justice Potter Stewart, former Associate Justice of the United States Supreme Court, ethics is “knowing the difference between what you have the right to do and what is right to do.”
Doing the right thing means using customer data to primarily benefit your customers, not yourself or your business. It also means educating your employees on how to advocate for data privacy and security when developing applications or configuring third-party services and integrations. And, it means continuously engaging in open discussions about how you approach data use.
It’s in this spirit that HubSpot developed a data ethics framework to guide the evolution of our data strategies and hold ourselves accountable to our customers, partners, and employees. I strongly believe that making trustworthy data stewardship a priority should involve teams across a business, not just the legal team. With that in mind, the following principles were developed in consultation with a diverse set of employees across teams at HubSpot, ranging from leadership to individual contributors. I hope these principles inspire you as you work towards building your own data ethics foundation.
Choice & Control
One of the fundamental principles in data privacy law is that data is not owned by the companies that process it; rather, data is owned by the people who are represented by the data.
Choice means asking customers for permission before using data, or giving customers the option to opt-out. For example, when customers agree to terms and conditions, they give you permission to store their data and use it to support their use of the product. When data use goes beyond the scope of that permission, customers need to be given more control and choice. That means the ability to opt out of data use, manage data (delete, export, etc.), and freely move data to other platforms.
Transparency isn’t just a tenet of our Culture Code; it also reinforces trust. Being transparent means explaining how and why data is being used, and how it is being protected.
Some of the tools that ensure transparency include keeping privacy policies accurate and accessible and informing users with in-app explainers when they are making impactful choices about data use.
When you use customer data, it should primarily benefit your customers and you should always be able to explain why you’re using that data. The way I think about fairness in practice is if a customer asked questions about how we’re using their data, would we feel comfortable explaining exactly what we’re doing to them? If the answer is no, then we shouldn’t be using their data in that way.
Safe & Secure
Keeping data safe and secure is at the core of ensuring customers trust you with their data. At HubSpot, we use a defense-in-depth approach to implement layers of security throughout our organization and our security program is driven not only by compliance and regulatory requirements, but also by industry best practices.
As we continue to expand the footprint of our platform and user base, we will have access and insight to more and more data that, if used properly and meaningfully, can add significant value to our customers and ecosystem. Taking responsibility for how we handle that data and keeping it safe is an ongoing challenge and it’s critical for our ability to continue to help our customers grow better.
If you’re thinking about implementing your own framework to guide the ethical use of data, remember that the cornerstone of any privacy and data protection program is trust. How you use data, build controls and choice, and communicate openly to customers are key to building and maintaining trust, and ensuring a long-term successful business.
Learn more about our data protection, privacy, and security practices here.