After the first flushes of their initial novelty, some of the less savory implications of practices such as website tracking, geolocation, and targeted or personal advertising have raised the hackles of the buying public, creating a backlash of concerns over online commercial and institutional resources engaging in “Big Brother” style surveillance, unwelcome intrusions, and invasions of personal privacy.
The gathering of personal data and information on web browsing or online transactions has escalated from on-site algorithms and web-based accumulation and analysis tools, through to mobile apps, desktop software, and acts of consent elicited from consumers themselves – sometimes but not often enough communicated through clearly worded contract or subscription documents, app permissions, Privacy Policies, or Terms & Conditions.
In the current climate of sensitivity, techniques intended to increase the outreach and revenue of commercial organizations are actually having the opposite effect, as consumers make conscious efforts to avoid the worst offenders through the use of ad blockers, anonymous browsers, and Virtual Private Networks (VPNs).
For businesses worldwide, this clearly isn’t a desirable state of affairs. And – as we shall see – both customer attitudes and new legal and regulatory frameworks due to come into force in the near future will push privacy concerns to the forefront of business thinking, influencing how commercial organizations will have to conduct their operations.
Privacy Protection as a Selling Point
Making the best use of market and consumer data can be a difficult balancing act for businesses. On the one hand, the information which enables them to create accurate customer profiles and buyer personas can help in refining sales strategies and establishing the conditions for targeted marketing campaigns. On the other, being known as an organization which keeps close tabs on its consumers can provoke feelings of intrusion, rather than intimacy, on the part of the people concerned.
More refined measures may include “anonymizing” features and other tools that site visitors may use or opt into, in order to increase their level of personal privacy while in the company’s online domain.
Privacy Protection – Introducing Limits
One of the problems that businesses may encounter when embarking on the road to better market intelligence and targeted promotion opportunities is the issue of data governance. Customer information may be coming into the organization from a number of different streams – and it may not always be possible to effectively monitor these sources, and censor them if need be.
In a worst-case scenario, a company may not even be aware of the kinds of data that are being gathered, how much is being collected, who is being allowed access to it, or how it’s ultimately being put to use. Not only is this irresponsible and unprofessional, it may also have implications for the organization’s legal and compliance status.
For this reason, many commercial institutions are now having to review and make amendments to the way they do business online. Greater transparency and disclosure of company privacy policies and the provision of a more secure environment for their internet visitors are two aspects of this shift. Others may include accelerated procedures for anonymizing personal data, storing customer account information separately from activity logs, and configuring tracer cookies for a much shorter life-span.
Privacy Protection – IoT Worries
The online environment has extended into utilities and infrastructure provision, consumer goods, entertainment, and an array of services, through the medium of the Internet of Things (IoT), whose network of smart sensors and monitoring devices is capable of gathering personal information of immense and potentially frightening detail.
The technology of the IoT ecosystem is still in its relative infancy, and manufacturers have yet to move beyond the stage of using generic chipsets, vendor-specific default passwords, and other lax security practices in their deployment of connected devices. From a cyber-security perspective, huge numbers of these devices (and the information they contain) are simply a major hack or data breach waiting to happen.
With a recent report from the Federal Trade Commission (FTC) suggesting that 150 million discrete data points may be generated each day by fewer than 10,000 households, the amount of potentially compromising personal data that’s being streamed out there is also a worrying statistic for consumers with privacy concerns.
AT&T’s Cybersecurity Insights Report reveals that only 10% of the over 5,000 enterprises surveyed around the world feel confident that they can secure their IoT devices against hackers, a finding that may continue to give those same consumers sleepless nights. In an environment like this, inspiring confidence from a privacy protection standpoint and building brand loyalty present a major challenge for manufacturers and system vendors.
Privacy Protection – Cloud Concerns
Similar concerns affect the many businesses that currently use cloud-based services and infrastructure to conduct their affairs or have plans for doing so in the future. Ensuring good data governance and privacy protection becomes especially complicated when a number of third-party cloud service providers or supply chain partners are involved.
This situation is becoming even more critical, in the run-up to 2018, when major changes in the regulatory compliance regime for online business and personal data handling are due to make a global impact.
Privacy Protection – Staying Compliant
Once the European Union (EU) General Data Protection Regulation (GDPR) comes into effect in May 2018, the issues of customer privacy protection and the handling of personal data will be fully at the forefront of global business. The framework sets out a raft of stringent conditions and procedures for the collection, storage, transport, and handling of personal information gathered from citizens and residents of the EU.
But its legal conditions will apply to organizations in any part of the world that have dealings with EU personal data (including cloud services and providers) – and the GDPR provides for strict penalties and huge fines on companies found to be in breach of its requirements.
With fewer than six months to go, organizations across the globe are scrambling to get their compliance houses in order. For some, this involves confining their stores of customer data to within the EU, or their countries of origin. While cost-effective and easier to govern, this strategy can limit a company’s potential for expansion into cross-border markets.
Major cloud service providers are adopting the strategic approach of extending their service infrastructure across the EU, to allow for more localized data storage and handling facilities in line with the new laws. This typically involves using database options which can identify and segregate EU customer data and services, with built-in tools for oversight and compliance reporting.
As the deadline for the new era of consumer privacy protection looms, companies across the globe will have to adjust both their compliance mind-sets and their technological deployments, in order to meet the challenges of conducting business online.