Guest Author: Jamie Sheller Esq. NetDiligence®
‘Big Data’ may be changing the world but it is not changing American’s belief in the value of protecting privacy.
In one of the few areas of liberal and conservative consensus, Americans stand firmly behind the Fourth Amendment to the Constitution which protects the “right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures.”
Customer privacy should be the guiding principle.
In a recent unanimous US Supreme Court opinion, Riley v. California 573 US_ (2014) Chief justice Robert’s wrote that current technology “collects in one place many types of information that reveals much more in combination than any isolated records.” It “allows even just one type of information to convey far more than previously possible”, serving as “a digital record of nearly every aspect of their lives.” The Court found that privacy comes at a cost and in Riley required a warrant to search an alleged criminal’s cell phone.
It is said data aggregators and marketing analytic experts collect and sell some 70,000 points of data on each of us! The warehousing and collection of so many data points and the expansion of uses and assumptions drawn through analytics will just continue to draw the ire of the public and government regulators in the US and throughout the world. As the public becomes more educated about the extensive data being collected ,the assumptions being drawn and the lack of transparency and accountability, the consequences of the failure of companies to address the new legal and ethical issues being raised will only become more dire.
As Mahatma Gandhi said the “Truth never damages a cause that is just.” So if your business model involves the collection, sale, processing, sharing, use or analysis of private data and/or metadata then consider the importance of being innovative not only with technology but legally and ethically. The below risk management considerations may allow your company to avoid litigation, regulatory scrutiny and gain public good will by instituting the following:
- Customer privacy should be the guiding principle
- If you are going to collect private information (PII) you need real-time disclosure on when and what you are collecting.
- With PII show data you will collect, who you will share it with and how it will be used. Be completely transparency.
- Have opt-in feature to give up privacy.
- Have easy methods to block third party ads and content.
- Privacy must be by design
- Rambling privacy policies designed in a way that are daunting and bury a message that the consumer has given up ALL privacy is not ethical or sufficient.
- Privacy policies should be as consumer friendly as possible with easy to use privacy settings and affirmative opt-ins or opt-outs. See example “cereal box” format here.
- Give Value
- If you are asking consumers to give up PII for the commercial advantage of your company or other third parties then give consumer an exchange of value for access to PII.
- Make on affirmative offer of value that can be excepted in clear way in exchange for use of the PII.
- Security and accuracy of Data collected and retained
- If you do collect and use data/metadata you must have the highest standard and best practices for use and retention of data.
- Check quality of analytics and assumption drawn for discrimination, inaccuracy and put limits on inferences drawn.
- Create contractual requirements that prohibit the unlawful or unauthorized use of data so standards are maintained for data passed on to third parties.
- All third party vendors PII is shared with should meet standards and be held accountable for use, safety/security and retention of PII.
- Allow persons who’s PII you use to have access to their PII for review and deletion if requested. People should have the ability to manage the flow and accuracy of their PII across massive third party analytics systems.
- Just because info is “shared” on the internet for a limited purpose does not mean anything goes- Certain Data might be off-limits
- Certain data like specific medical data, personal financial data, address book data, , and PII of minors under many circumstances might need extra care and attention and could be considered off limits for sharing purposes without very specific policy and security considerations governing these data types.
Consider these steps as the responsible direction needed for ethical and legal innovation while also allowing technology to continue to change the world. But in the face of great leaps forward never forget our past and the wisdom of our founding fathers because as Justice Roberts so aptly said…..privacy comes at a cost, so be transparent and committed to privacy and you will win goodwill, loyalty and avoid the consequences of the legal and public backlash for failing to do so.