Facebook can automatically identify and tag users in an uploaded photo. An Internet search for a product leads to ads for that product following you all over the Web.
Data stolen from many recent breaches can be aggregated to create a full portrait of your personal information, a portrait that can be used for nefarious purposes.
Privacy is dead. At least that’s what it feels like.
For obvious reasons, data collection has become a touchy subject. Concerns are rising both from user and collector points of view. End users, whether they are employees or customers, are requesting a higher level of respect towards their privacy, and putting forward more questions as to how and why their personal data is handled.
For their part, data collectors must be aware of these growing concerns and take appropriate steps to address them from the ground up, building best practices in privacy into every aspect of the products and services they provide.
Guest article by Agathe Caffier, Senior Counsel, International Operations & Privacy Specialist at DMI
The question before enterprises today is, “What is the best option that will serve customers…while still getting the data I need?” Research sponsored by Raytheon found that the average budget to effectively manage mobile devices is $278 per managed device.
However, current budgets range from $633 down to $98 per device, depending on company size. Whatever your budget, you need to be clear about what focus areas will best serve you and your customers.
1: Be Transparent with Your Customers
Sometimes users are resistant to providing information or access requested within an app, especially when it doesn’t seem to be related to the app’s main functionality. For instance, the Angry Birds game may ask players for their contact list. But users may be reluctant to share that information unless the app is explicit that this data is used to connect them with friends who play the game. Transparency is paramount.
2: Rethink Your Data Usage
Whether it’s collected internally or through an app, it’s never too late to assess how your company is handling data. If privacy was not designed at the outset of building your business, you can still audit it. An audit will usually try to understand how data that your business collects flows between different geographical regions and divisions.
Think about the app from the user’s perspective. Is your app privacy-friendly? Are your “privacy” notifications (requests to collect location, access contacts, etc.) invasive and disruptive to the user journey? Did you integrate privacy from the outset of the app build process?
You can improve your users’ experience in a straightforward manner with the help of a strong UX/UI review, combined with an audit of data collection. Be transparent about data usage without being invasive to help increase user engagement and retention.
3: Revise Your Policies
In our 24/7 world of hyperconnectivity, privacy policies can quickly become outdated.
At the app level, consider the reality that almost no one reads privacy policies. If you would like your users to read yours, our recommendation is to make it as visual and interactive as possible.
4: Measure Your Risk
It’s not always easy to know if your privacy and security initiatives are in sync with the level of risk that your business actually faces. Business-minded people will always be more inclined to take a riskier approach for the sake of business innovation. And this is fine — just be clear about it.
5: Invest in Training
It may come as a surprise that most data breaches are the result of employees who fall for one scheme or another (phishing emails, social engineering calls, etc.). The solution here may seem straightforward: improving security training among employees within the organization, ranging from basic password guidelines to restricted access policies.
However, businesses are facing the issue that employees don’t always apply what is learned during training, even less so when the training is carried out through an online platform. Make sure you use a relatable storytelling approach specific to your audience, as well as innovative and interactive workshops, to involve your employees as an integral part of your privacy solution.
Data collection can be a goldmine for businesses, opening new revenue streams and creating greater insights that lead to better customer service and customized experiences.
However, in this touchy, “hands off my data” atmosphere, data collection can also be a minefield. It is important to put policies and processes in place to get the data you need — and offer the maximum safety for that data — without alienating your customers and prospects.
Agathe Caffier, Senior Counsel, and International Operations & Privacy Specialist at DMI, graduated as a business lawyer in London and is now also a Certified Information Privacy Professional (CIPP/E). As well as being the general counsel for DMI, one of the leading mobile solution providers in the world, her expertise in new technologies and privacy matters related to mobile has led her to provide privacy guidelines and audits to companies such as Vodafone, Telefonica, Anheuser-Busch InBev, and many more. She regularly contributes to specialized publications and whitepapers on privacy and security.