- Consumers are becoming aware that their personal data is being mined and misused. They will demand changes and control.
- Companies, starting with IT departments, need to get in front of this trend and become more customer-conscious about personal data and privacy by giving customers control and choice about how their data is used before laws and regulations make it no choice at all.
The definition of ‘me’ is expanding. ‘Me’ used to be about personal identity and one’s physical person, perhaps even extending to the immediate family around you. ‘Me’ is getting bigger, though, and extends to a lot more things. ‘Me’ is now also anything about ‘me’ including metadata about me. ‘Me’ is the data I generate from just living, the things I do, the products I buy, the music I like to listen to, and the entertainment I enjoy. ‘Me’ is browsing habits, daily habits, the places I go, the things I stop and look at in stores; my preferences for temperature, color, and foods; even my face, my eyes, my fingerprints, the patterns of veins in my hands.
In the era of AI and big data, this data is being harvested and, in many cases, exploited. Vendors display with glee the precision with which they can track people’s movements via WiFi or cellular and add AI processors to cameras to improve facial recognition. New technologies are being created and revealed every day, all designed to take a better digital profile of ‘me.’ There is a growing recognition among consumers that while it once seemed harmless to trade personal data for access to applications and services, the disparity of power has grown to the point of being threatening to consumers.
As IT managers and industry professionals, what can be done? The vendors in our industry are not helping, ignoring or downplaying ethical considerations and the broader trends of consumer interest: “We can’t control what people do with our tech.” Business management and marketing at the companies we work for all ask IT: “How can we monetize the data we collect?” This puts the company and its employees in a precarious position both ethically and professionally. What be done?
Warn, educate, and advise your employers. The EU’s GDPR was a shock to some organizations, so start there. Emphasize that this isn’t just a meddlesome government regulation and remind them of how painful it was to get into compliance and remain there. GDPR was just the tip of the spear. Customers are going to increasingly demand to know not only how and where companies are keeping their data, but also who they are sharing it with, and they will demand the right to delete it or not have it tracked to begin with. Prepare for looks of incredulity, doubt, and outright mockery. The gold rush to monetize everyone’s data is past, and although it built quite a few of our tech unicorns, those days are over. People are beginning to delete apps and services once thought to be indispensable and learning that the sky does not fall. Have executives of these companies ask around: how many have deleted social media apps that everyone used to use? That’s the sign that people are beginning to understand the value of their data and privacy. Soon, they will demand control.
First, IT managers must familiarize themselves with the issue of privacy and data ownership. It doesn’t matter how you personally feel about the issue; it’s something you need to be familiar with so you can guide your company through these choppy waters. Then, educate your staff. This isn’t an exercise that can be done with a single meeting or handout. It will take time and discussion. Then, with your staff, make a list of areas where the company may be in jeopardy around privacy and data. Take it to management, and again, this isn’t going to be easy or quick. There isn’t a silver bullet or video you can show people to get them to understand. Time and consistent work are needed.
Make your company the leader in consumer-conscious data protection and privacy. You will gain customers and business in the long run. Companies which give that control to customers and communicate it can win in the marketplace. This means no more unreadable, 20-page click-wrap agreements written in Old High Legalese, but instead clear, concise, easy-to-read terms outlining their right to not be tracked and to have their own data deleted.
Companies need to do this and need to do it now. Or, it will be done to us via regulations and laws. Companies that aren’t prepared and customer-conscious about personal data and privacy will be the ones that can’t adjust and fail. Be the tireless advocate your company needs.