Why Your Company Needs a Transparent Privacy Policy
by Daniel Newman | March 14, 2018
Listen to this article now

In the digital era, data is money. In fact, data brokerage has become a huge revenue stream for companies in a variety of industries, from transportation to finance. And averaging a profit of 80-90 percent, it’s no wonder why. The only problem: most customers are not informed of exactly how or why their data is being collected. Public perception shows taking data from informed users is one thing. But stealing it—and selling it—is another. Thus, as the Internet of Things continues to expand—and the temptation to grab a few more nuggets of wisdom from our customer base grows—I’d ask you to consider the following:

  • Bose was sued in 2016 for selling metadata on audio files its users listened to without informing them. The suit claimed the information could reveal personal details about the listeners, for instance their political leanings, culture, or personal interests. Damages are expected to exceed $5 million.
  • In an ironic case, me—a company that supposedly helps protect users from spam overload by automatically cleaning up their inbox—was found to have screened user inboxes and sold information on competitors to Uber in 2017. Apparently, once they had the license to enter the inbox, they couldn’t help but take a peek at what other valuable data was in there. The company was hit with a privacy suit over selling user data.
  • The maker of a “smart” sex toy paid $3.75 million in a lawsuit after it was found to have been pulling data from its user apps about how and how often users were using the device.

And that’s not even including the cost of losing their trust with the public. Note to self: Don’t do what those guys did. If you want to gain—and keep—customers, research shows you’d best be honest about the data you’re pulling from them.

Survey Says: Honesty is the Best [Transparency] Policy

There’s even data to prove it. Research from Harvard Business Review found that customers who were offered full transparency (how and why their data was used)—and control (the ability to decide if or how much they were will to share)—did not punish companies if their data was breached. On the other hand, if a breach occurred and the customers didn’t know that their data had been mined and hacked—the damage was far-reaching. In fact, even rival companies associated with the breached company averaged $8 million in losses. Turns out privacy—like data—is also big business. Yet, research shows just 10 percent of Fortune 500 companies are offering both transparency and control to their customers when it comes to “data brokerage.” Why?

Perhaps it’s because many are trying to enjoy the “wild west” of data dealing—and profiting—while they still can. (I’d recommend not doing that.) Or maybe it’s because they’re afraid to lose their customers when they found out how deep they’re diving into their personal lives. In any case, anyone tempted to mine, use, or sell personal customer data should consider the following:

Explain and incentivize: Smart automobiles have been jumping onto cellular networks this past year even more often than cell phones—and with them, a whole lot of driver data. But as one smart car driver said—it makes no sense for a driver to pay extra to connect to a cellular data service if the car company itself is going to be making money from the data pulled from it. To avoid a customer backlash, take proactive steps to reward them for the information they share. After all—you’re the one gaining from it.

Take a stand: With the rise of the Internet of Things (IoT)—and the inherent value of data in today’s marketplace—data brokerage isn’t going anywhere. Your company has an opportunity to lead the way in architecting transparent privacy policy, which has been proven to gain loyalty over time. Not sure where to start? Try Europe. The European Union has already gone to great lengths to protect user data though its General Data Protection Regulation (GDPR). Passed into law in 2016 and going into effect this year, GDPR takes a far-reaching stance on data protection, including even things like one’s IP address as a personal identifier. While the United States has a long way to go in catching up with the EU, at least they have a roadmap to turn to. (More on this in an upcoming piece I’m working on for IBM.)

Don’t be sneaky. Yes, many companies technically reveal the fact that they collect and sell customer data—in small print at the bottom of a log-in page. But in many cases, customers are opting-in to sharing without even realizing it, subjecting themselves to a well of personal data being mined from their phone, search history, driving schedule, etc. If you do wish to mine incredibly personal information, shout it from the rooftops. Make it known! Your customers will respect you more for it.

Think big picture. Remember: all the information you gain is fair-game for hacking. It’s your responsibility to protect it. If you fail to, not only will you lose your data mine, you’ll lose your customers, as well.


About the Author

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. Read Full Bio