Trust, Privacy and the Data Economy

By Dr. Heather Mark, CCEP

The data economy has become so pervasive in today’s business that it sometimes is necessary to pause and think about where we’d be without the explosion of data that businesses have at their disposal.  Cloud software firm, Domo, releases an annual report each year on the astronomical growth of data.  Their report, Data Never Sleeps, provides a fascinating example of just how people are using the internet, leaving digital trails to be followed.  According to Data Never Sleeps 7.0, more than 511,200 tweets, 18, 100,00 texts, and 188,000,000 emails are sent PER MINUTE. And that doesn’t include our unintentional data creation – the Internet of Things, or our browsing history, or geolocation data. Our world runs on data, which means that as consumers, we need to be able to trust that our data won’t be misused by the companies with which we do business.

A PwC survey conducted in 2017, tells us that consumers are becoming more cynical about how companies handle data.  Just 25% of survey respondents believe that companies handle data responsibly and less than 15% believe that the data will be used to improve lives. Further, 87% of those respondents have said that they will take their business elsewhere if they don’t trust the data handling practices of a company.

In Francis Fukuyama’s book, Trust: The Social Virtues and the Creation of Prosperity, he proposed the idea that trust and ethics was central to economic well-being.  “If people who have to work together in an enterprise trust one another because they are all operating according to a common set of ethical norms, doing business costs less…”  It costs less because we know that our colleagues and our partners will behave in ways that we expect, and that serve the good of the organization.  Similarly, as consumers, we are more likely to do business with organizations that we trust.

An essential element of trust is transparency. Again, referencing the PwC survey, 71% of consumers find the privacy policies posted by companies to be difficult to understand.  If a consumer believes that an organization is intentionally obfuscating its practices, trust erodes.  When trust erodes, consumers say they will take their business elsewhere.

The moral of the story here is that as we move more fully into the data economy, we must also move more fully into being trustworthy stewards of personal data.  We do that, by adhering to the letter and the spirit of the data protection laws and establishing strong information practices.  Some of those practices include:

  • Data Flow and Categorization – It sounds cliché, but you can’t protect what you don’t know you have. So, the first step that is typically suggested is doing a data flow or data mapping.  This helps you to determine where the date is coming from, how it’s being used, and who you might be sharing it with.  You may find that you’re collecting more data than you need, or that you’re sharing it with vendors that don’t need it.
  • Limit Collection of Data – Another old axiom in the data security and privacy business is “don’t collect what you don’t need.” To put it simply, it’s difficult to disclose or inappropriately use data that you don’t have.  Once you’ve done a data mapping exercise, you can review this with your team to determine which data is strictly needed as opposed to “nice to have.”  Moreover, many of the fair information practices are built on the notion of only collecting the data that you need to complete transaction with the individual.
  • Disclosures – Transparency with your constituency about what data you’re collecting and when, and how it’s being used is one of the simplest, but most important, steps that can be taken with respect to privacy. Visitors to your site, and consumers of your product or services, can’t make informed decisions about sharing their data if they don’t understand how that data might be used. Providing clear and concise information about your information practices helps to engender trust and stands you in good stead with legislative privacy regimes.
  • Awareness and Training – In today’s economy, most of our businesses and non-profits run on data. Whether we intend to or not, we become dependent on data transmission, data analysis, data storage, and data collection.  That means that everyone in our organization is going to encounter personal data at some point.  Given that fact, it’s important that your team knows what data is considered sensitive, and how that data is to be treated. An important part of training, that can be easy to overlook, is how to report a potential incident.  For example, what should be done if someone has emailed a payment account number?

The dilemma facing businesses today is encapsulated nicely in the January 2019 issue of the Frontier Technology Quarterly:

On one hand, the data economy is radically transforming many economic activities and creating new levels of prosperity. On the other, it presents the possibility of a perilous dystopia … A market economy cannot function without trust, and the data economy is no exception. Trust deficits can unravel the data market and undermine social cohesion, stability and peace.