Big data. It isn’t just governments collecting it. Everyone from supermarkets to mobile app designers are collecting and storing vast quantities of information about their customers.
The Warehouse Group alone has 24 web stores (up from two, just a couple of years ago) all collecting and storing information. And that’s both an opportunity and a responsibility.
Getting privacy right isn’t as hard as you think, says Katrine Evans, assistant privacy commissioner. New Zealand’s privacy laws are relatively liberal compared with the US and Europe, for example. But good privacy practices don’t happen on their own, she says.
Talking at the Trans-Tasman Business Circle Big Data Panel, Evans said companies need to take privacy issues seriously around the data they are collecting. And they need to design best practice into their information systems – rather than wait for everything to go horribly wrong. The life insurance sector is is one example of what not to do, she says.
Many companies used to routinely gather and store five years of health history data from their customers. Whether it was relevant or not. But when customers find out you’ve got data you don’t need to have they often aren’t happy – and that isn’t good for ongoing business.
Some privacy basics:
1. Know what you’ve got and why
Identify what data you are collecting, why you are collecting it, and whether you are being transparent about what you hold with your customers.
It’s amazing how many companies are collecting information the bosses don’t even know about. A major no-no is collecting information for one purpose and then using it for another. And don’t even think of selling the information unless you have the customer’s permission.
2. Don’t bury it in the small print
The commission is part of a 27-nation sweep operation looking at the privacy practices of mobile app developers. Expect a call if you are hiding dodgy practices behind a cover-all privacy tick box. And if you feel your own personal information is being misused, make a complaint to the commission.
3. Be transparent
Make it easy for your customers to find out what information you hold on them, and be responsive if they want it changed or deleted. This week the European Court of Justice ruled people have the “right to be forgotten”, meaning internet companies there may be made to remove irrelevant or excessive personal information from search engine results. But wise companies won’t wait for the court decision, Evans says.
Openness breeds trust – and the reverse. Portal and dashboard technology makes it relatively easy to give people access to their own information.
4. Make it relevant
Design privacy for your company. Far too many companies take their privacy policies off the shelf, or copy and paste from someone else’s. Bad idea. Build your privacy settings from the ground up, and make sure your privacy settings are relevant to your organisation.
5. Get help: employ a privacy officer
Around the same time as your company is thinking about getting external help with its accounting, think about getting a privacy officer on board. In the same way that you would seek external help on health and safety, get it right on privacy too.
6. Do regular stocktakes
Go back to your database regularly and ask them whether the information you hold on them is still correct, and if they are happy for you to hold it. The law states companies must make “such steps that are reasonable” keep information accurate, up-to-date and relevant, and destroy information they no longer need.
The commission can investigate complaints and seek compensation for breaches. But this communication can also be a great opportunity to actively engage with customers.