Privacy isn’t the “Third Rail”; it’s a tactic leaders embrace

Mathew Ingram shared two ways companies should respond to privacy issues.

  • Make settings visible and easy to use. Facebook has made a series of changes to its privacy settings over the past year, but one of the risks is that the more complex and difficult to find the settings become, the less likely people are to go in and change them.

  • Allow users to opt in. Facebook takes a substantial amount of criticism because it chooses to automatically opt users in to new settings and features. The giant social network can get away with this thanks to its sheer size, but smaller companies and services run the risk of alienating their users.

That is so 2005. “Opt in” and “easy to use” are condescending now that users demand more control, transparency, flexibility, and portability.

I know Ingram could go a lot deeper. For starters:

Resolve that customers own their data.

Say it publicly. Repeat often. Reinforce your commitment through policy, procedure, design, operations, and governance. This includes users' ability to bring their data from other services to yours, to move and remove their data from your service, and to keep the authoritative form of key data elements outside of your service.

Add “List the privacy implications” to your checklists.

Check in new code? Change a web page? Adjust pricing? Whatever your business practice, ask about the privacy and data portability implications. Embed that question in your routines at every stage of your product life cycle.

Federate your customer data policies.

You are not the only custodian of your customers’ data. You put customer data in the hands of other companies all the time. And they, in turn, put it in the hands of yet other companies that you’ll never meet. Your privacy and portability policies may fit your market, but are your suppliers aligned? Can they make the same commitments on your behalf? Are they committing to protect customer data as much as you are? Are they keeping your customers’ data in jurisdictions that protect your rights and your customers’ rights? You need to hold summits, or at least conference calls, to make sure your ecosystem shares core values and practices.

Trust but verify.

Set up surveillance so your teams are the first to discover privacy breaches. Audit your own systems regularly. Set up Red Teams to test your ability to protect customer data. Test your partners.

Plan for leaks.

It’s going to happen. Practice your response and put your checklist together now. You and your team won’t have time to think deeply or well under fire.

Back laws and public efforts to give customers equity in their data.

The law protects your ownership of a paper clip more than it does your Facebook profile. Support the invention and evolution of property, identity, privacy, and creative rights and laws that make sense for the rest of the 21st century.

About Phil Wolff

Phil Wolff is strategy director of PDEC, the Personal Data Ecosystem Consortium, a Small Data NGO. Wolff is a director of the DataPortability Project and co-author of the project's model Portability Policy. He's had management, technology, and marketing roles at Adecco SA, LSI Logic, Bechtel National, Wang Laboratories, Compaq Computer, the City of Long Beach, the State of California, and the U.S. Navy Supply Systems Command. On LinkedIn, ORCID 0000-0002-7815-4750, Quora top 250 of 2012. He holds the PDQ Bach Inauthentic Identity Fellowship at the University of Southern North Dakota at Hoople. Phil lives in Adams Point, Oakland, California.