Big data risk: privacy breaches can squander trust

Businesses run on trust. No matter how you cut it, the wheels of commerce are greased by promises, goodwill and the potential for legal consequences.

Our personal and work lives are surrounded by electronic gadgets that can automatically log, record and preserve our actions for posterity.

Data collection and analysis is nothing new. Governments and large businesses have been using these tools for 30 years. What has changed recently is the sheer volume of retained data collected automatically, and the potential for extracting value from that data.

Retailers and financial services firms have turned client data analysis into a very profitable art form over the last few years. Customer rewards programs are often little more than data surveillance of clients, sugar-coated in marketing fluff.

So called “big data” technologies, which analyse huge volumes of disparate corporate data to look for patterns and trends, are now becoming more widespread.

As Charles Duhigg covers in The Power of Habit and this New York Times article, major US retailers are already profiling and predicting customer behaviours to extraordinarily creepy levels. He outlines instances where retailers are routinely “concealing” the true extent of knowledge that the retailer has about their customer’s life, to avoid customers realising that they are under surveillance.

Within Australia, the Federal Government has 10 Privacy Principles which focus primarily on the collection and use of customer data.

While the privacy principles are clearly well intentioned, with a prime directive of “only collect information that is necessary”, it is easy to see why “big data” companies like Facebook and Google are based outside Australia.

I think we all know people who should be sharing less of their lives on Facebook. For many businesses, the ease with which employees can deliberately or inadvertently share confidential information is also an area of major concern.

While it is technically feasible to restrict access to social media websites via work computers, and many large businesses certainly do block them, this approach can easily have unintended consequences. The most likely outcome is employee frustration, and attempts to find ways around restrictions. Employees can easily bring their own laptops and tablets into work, and connect to social networking sites via telco 3G services.

If anything, completely restricting corporate access to social networking sites is likely to encourage employees to work using their personal devices, and transfer corporate data onto fundamentally less secure systems – so that they can continue to work productively without constantly switching between systems.

Rather than rely on blunt website restrictions, it is far more productive to design business processes and IT systems to reduce the risk of data loss, and ensure employees are trained to understand the associated business risks and how to avoid problems.

Further complicating matters is the mess of laws that govern workplace privacy issues across Australia. Each state has their own legal regime covering workplace surveillance, which includes email and website monitoring.

In NSW, businesses need to clearly inform employees of policies around monitoring, and who will be able to access the data. In Victoria, businesses need to go further, and seek explicit consent from an employee.

The impact of the woeful legal mess is neatly summarised in this cute, interactive map of the legal quagmire of privacy legislation enacted around Australia.

Privacy issues essentially boil down to an issue of trust. Rebuilding shattered trust can be an expensive exercise. Business leaders should very carefully consider how their use of customer data will be perceived in the market, and how social media tools and cloud based web applications might be safely integrated into their employees’ work.