Navigating the Data Privacy Minefield
A lot of apprehensions exist surrounding the term data privacy, and rightly so. Consumers fear data breaches and misuse by corporations. Businesses fear time-consuming (and often confusing) measures for compliance and costly lawsuits following a misstep in the process. Regulations differ between governments, from Europe’s GDPR to California’s CCPA. However, these laws are all based on the idea that consumers own their personal data. This implies the right to access, delete, and reject the use of personal information online. With that in mind, I’ve laid out a few guidelines to navigate the minefield that is data privacy.
This post is intended to provide a guideline for your thought-process surrounding data privacy and does not constitute certified legal advice.
For students at Montana State University, affordable legal services are available here.
1. Be truly proactive
Data privacy and protection have solidified their status as necessary cornerstones of digital commerce. This status isn’t changing, and merely reacting to consumers’ call for ownership of their personal data has already become a dated practice. Instead, companies should factor data protection into their business plan from the start. This begins by asking questions such as: How will consumers interact with my website and other digital touchpoints? Which types of data will I gather from these individuals?
By answering these questions during the early stages of your business, you will set yourself apart from many startups while avoiding the hassle of implementing reactive practices much later on. Don’t rely on the fact that the United States has yet to pass its own version of GDPR. That is sure to change, and you want to be ahead of the game.
In addition to this consumer perspective, you should view data through the lens of both privacy and security. While the term data privacy pertains to the act of compliance, data security ensures that third parties cannot access the personal information of your consumers. Both must be intact for full compliance.
Now, you shouldn’t limit yourself to internal proactivity. Take an external stance, advocate for the consumer, lobby for ethical regulations surrounding data privacy, be an educational voice in your industry. Doing so will not only make your company look good in the eyes of consumers but also, it will give you a say in the process.
2. Promote transparency
The evolution of technology toward a personal, integrated touchpoint of our lives has created a trust crisis. Technology knows us on an intimate, individual level. Consumer awareness of this phenomenon and the associated skepticism requires companies to comply, both for the sake of ethics and perceptions. The best way to combat the skeptics? Be transparent. Let consumers know exactly how and why you are using their data — and forget the fine print for this one. Educate users on the benefits of data collection and let them know you’re aware of the drawbacks. Make your data security policy known. Full transparency can be as simple as it sounds.
For guidance, follow these six key elements: ethics, integrity, openness, accountability, competence, consistency
3. Keep tabs — on records, regulations, and consumer rights
There’s quite a bit to keep track of in the data privacy realm, especially for multinational companies. My biggest recommendation? Hire an expert. Whether that be as a full-time employee or as a private consultant, don’t base business decisions on a few quick Google searches (or the words of a student blogger for that matter). Full privacy compliance requires a sound legal understanding and consistent monitoring. Ultimately, if a question arises, your company must have established personnel to answer. In the best-case scenario, these established individuals will work proactively to ensure questions don’t arise to begin with.
4. Clarity is key
In line with transparency, consumers must have access to your full privacy policy along with the steps your company has taken to ensure full security. Be sure to write clearly — don’t confuse your customers.
In general terms, your policy should clearly state the following:
We prioritize privacy — make sure your consumers know that.
Here’s what we collect — explicitly list the types of data you collect such as demographic information, buying patterns, click points, etc.
Here’s why we collect it — tell consumers why and how you are using their data. Is it to better their user experience? How exactly does it benefit them? Be specific.
Here’s where the data is stored — make sure consumers know the security measures you’re taking. Do you use a third-party in the process? Most likely, yes. Make sure they’re on board with your policy and let consumers know that.
Any questions? — provide a simple platform for consumers to reach out to you.
You can always access more information here — show consumers exactly where they can find your full privacy policy.
How you relay this information is up to you, and it likely depends on your industry. The bottom line is that you should keep consumers informed through every step in your company’s process regarding their personal data.
5. Take on the consumer perspective
When navigating each of these earlier key points, keep this consumer in mind. Consumers created the call for data privacy, and when developing your company’s policy, remember to view it from their standpoint. As a consumer, what do you wish companies were more proactive about in relation to your privacy? What practices do you want the company to reveal to you? Which policies do you think companies should be aware of? How would you like them to communicate their policy to you?
Answer each of these questions from your own perspective as a consumer. Ask for answers from your customers, family, and friends.
Take care of your customers’ data as you would your customers themselves. In terms of data privacy, both are of equal importance.
Want to learn more? Check out these interesting reads:
Assess Blockchain for GDPR Compliance - Gartner
Facebook Spawned a Data Crisis - Magenta
Five Trends of Privacy and Security Entrepreneurs Can Leverage - Forbes
How the Sharing Economy Erodes Both Privacy and Trust - New York Times
The Future of Privacy - Gartner
The Privacy Project - New York Times
