What Price Privacy?

Posted by John Brookes on Feb 13, 2018 2:28:23 PM

TheValueOfPrivacy.jpg

 

Privacy issues are of paramount importance to organizations operating in the digital landscape – and to their customers. Understand the implications, have the right policies, and make sure they are being followed.

Key Takeaways:

  • Don’t ask for more info than you absolutely need
  • Don’t assume your customers share the same attitudes about privacy
  • Have a real privacy policy, not just a boilerplate, and make sure your front-line staff understand it.
  • Obey the golden rule; care for others info as you would want your own treated.
  • Stay up to date.
  • Confirm you compliance, and start with our Privacy Checklist

 TL-DR.jpg

 

Where’s the value in a name?

Could you put a value on your name?

Our name has such value that we will spend money and go to court or risk injury and go to battle to protect or defend our name.  We mark someone’s achievement and show respect by putting their name on buildings, roads and even mountains.   A name has value because of what it represents about a person.  Their name becomes their reputation and their honour

Our name has value because of what it means, but also because of what it does.

Our name makes us unique; it’s how we identify ourselves, and how others identify us.   Whatever else about us might change, or age, height, weight or appearance, our name is the same.  The sharpest scalpel and most skilled plastic can change many things about you, but not your name.

Our name is how people can find us and know when they have, as only we can say “yes that’s me”, if asked our name. Our name can be the most important thing people know about us, giving great value to our name for anyone who wants to contact or find us.

Our name is what we also must change to avoid being found, as it cannot be disguised.  When you change your name, to the rest of the world you become a different person. 

 

Your name is currency which you use every day

With all that means and all that it does, what is your name worth to you.  

We already use our name as if it has actual monetary value to us.  Whether we realise it or not, we enter into bargains and make decisions, sometimes daily, based on the value we put on our name and others.  

While we may trade on the value of our name, what price would we think is a fair one for our name in the bargains we make? Does $560 million seem like enough? 

It wasn’t for one person.

On 6 January 2018, one person came forward with a winning ticket for $560 million jackpot in the New Hampshire Powerball lottery.   Despite losing interest of at least $50,000 a day, as of this writing, she had yet to receive the money – by choice. The winner had to decide the value of her name in order to collect her winnings and wouldn’t agree to the bargain she would have to make. 

To receive the jackpot, she would have to agree that her name would be made public.  For her, it was not enough that she would get $560 million as a result. She didn’t want more or different compensation. Instead she has filed suit as “Jane Doe” challenging the rule that to receive her lottery winnings, her name must be made public.  

The rule in New Hampshire lottery is the same with most lotteries.  The winner’s name is needed for two reasons.  The lottery must maintain its integrity and encourage people to keep buying tickets.  The winner’s name lets the lottery do both. It confirms that someone really did win, and seeing a lottery winner holding a huge cheque for a huge amount makes people keep hoping and keep buying lottery tickets. The winner’s name is what keeps the lottery going.

 

$560 million doesn’t go as far you’d expect – in New Hampshire anyway

This means that the bargain is that in exchange for the use of their name this way, a lottery winner will receive the jackpot.

The New Hampshire winner understood this bargain and how her name would be used by the lottery.  The problem for her was about what other uses might be made of her name after it was made public.  Because of the unexpected ways other people might use her name and the risks she would face as a result, she couldn’t agree the bargain.  

Who could blame her?

Not only have previous lottery winners been the victim of theft, fraud, extortion and endless demands for money from people they haven’t met or didn’t remember were related, some have suffered physical attacks, injury and been killed after people learned about and made contact with them because of their lottery luck.  The lottery operator could do nothing to address this concern so long as the existing rule was enforced.

 

We all spend like lottery winners every day.

While the example is extreme, the same worry can exist for anyone in the bargain we all make every time we are asked for and give our name, and other personal data.  The same is made by website visitors when they give their email address for a mailing list, their details to make contact, subscribe for access or to receive a service, or buy something online.  

When someone gives their name for any of these reasons, the value to them of what they will get is at least equal to the value of their name which they give, because of how they expect their name to be used as a result.  If there is a reason to think it could be used in other ways, the risks of such unexpected use might be too high for someone to feel they have received enough to balance out what they have given.   In New Hampshire, the bargain asked too much from the lottery winner for her to agree.

For anyone who feels uncomfortable about giving out private information, particularly online, it could be the same.  The bargain will be harder to agree, the more risk they feel as a result of giving out their personal information, which is what you might asking them to do on your website.  Their concerns could be that their information will be used by you, or by someone in ways they don’t expect.  They could also be concerned about what else you could find out about them from the information they give you.  Both can increase the risk they feel and therefore increase the value of the information they’re giving to you. If that value is too high, the bargain that they would have to agree might not be possible if what they’re giving is not worth what they receive in return.

The concern people have about what else you might be able to find out after they give you their name comes from increased awareness and concern about invasions of privacy in all aspects of our lives.

-- 

 Is your organization a good custodian of your customers' privacy? 
Not sure? 

Download Our Free Privacy Checklist

-- 

Just because we know people are listening all the time, doesn’t mean we’re paranoid.

The potential for invasion of privacy seems to be everywhere from CCTV cameras on the street to the things we buy and are in our homes.  It’s no longer means you could be paranoid or a believer of conspiracy theories to accept how easy it might be for someone to invade your privacy and get information about you. 

Whether that means someone will actually do so, by using our laptop, smart TV, mobile phone or that new thing sitting on a table that answers the questions we ask, at some level we think it’s possible. 

Whatever risk might actually exist or however we each feel about that, issues of privacy and concerns about the use of information will affect what information you ask them to provide online, and how reluctant they are to provide information or question why it is being requested and how it will be used.

For the lottery winner, there was nothing the lottery operator could say to reassure, as it was the actions of other people and their unexpected use of information that was the risk for her.

 

We expect the unexpected, but that only makes it worse.

The same risk can be felt by any of us, as there are obvious reasons to worry about unexpected use of information by unexpected people. 

We can start with any recent accidental disclosure of private information which are common and seem to involve employees of some sectors more than others. It raises a “chicken or egg” type question about why employees in certain sectors are more likely to leave sensitive documents behind in, for members of the public to then find.  Does the sector attract or create that habit in people?  (sorry, you lost me here… what sectors are you talking about?)

Then, there are companies which intentionally misuse or disclose personal data, often for the company’s financial gain.   

The most difficult reasons for concern are from companies that do something with information which causes concern, not because it is illegal, but because it was unexpected.  This can be how the information was used or because the company used information we didn’t realise they had. Some recent examples show how this can happen. 

 

When Netflix and Spotify acted like our friends – for the wrong reason

When someone who (we assume no longer) works for Netflix sent a company tweet in December 2016 saying, “To the 53 people who've watched A Christmas Prince every day for the past 18 days: Who hurt you?” some people saw the humour.  More people thought it was creepy.   And a bit snarky

Netflix.jpg

Netflix subscribers might also wonder just how closely Netflix was watching them at the same time they watched Netflix.  It wasn’t a secret that viewing history was tracked by Netflix as that’s how the site makes recommendations.  What was unexpected was the reminder that someone was watching and keeping track, and that the information could be used that way.  Not many would expect their Netflix subscription would be used to poke fun and mock them. That’s what expect from your friends and family.  Not from Netflix.

Netflix was following the clumsy example of Spotify’s 2016 ad campaign in which they shared insights taken from customer data.  Some of the insights were very personal such their message which one their customers would have seen on a billboard which said: “Dear person who made a playlist called: 'One Night Stand With Jeb Bush Like He's a Bond Girl in a European Casino.' We have so many questions.”   This person probably didn’t expect that information Spotify had about them would mean that their subscription also included a “Sarcastic Critique option?  

The best/worst example of unexpected use of customer information comes for Uber and their company blog about “rides of glory” (their phrase, not ours!). The blog topic was (remarkably enough) the various customer’s one-night stands which they were aware of, as a result of using Uber.  Is further comment required about how unexpected this would have been.

uberdata-ridesofglory-year.jpg

 

---
this was not the bargain people agreed to when they handed over their name and other private information.
---

Sometimes saying you didn’t break the law makes it all worse.

When these companies saw a negative reaction, they all responded by confirming that there was no breach of privacy rights in how information had been used and it was also covered by what customers had agreed to when they clicked “accept” on the company's terms and conditions. 

What they also confirmed was that they all missed the point and didn’t see what else might have been a reason for concern.

It’s unlikely that it many people even cared whether the companies used the information legally or not.  It was that the fact that the companies showed that they would use information about their customers in ways we didn’t expect, and in doing so make their customers (and the company) look stupid.  In relation to Netflix and the smug tone of their original tweet, the irony is remarkable.

The greater concern the companies didn’t acknowledge was that this was not the bargain people agreed to when they handed over their name and other private information.

When you look at all the different factors and reasons for concern, what can you do to respond to each person’s personal level of comfort and be able to agree the bargain with them?

 

3 suggestions and 2 steps to deal with someone else’s mess

  1. Acknowledge that different concerns will exist and be prepared to answer them.

By asking what you can do to respond to each person and their individual concerns, you’ve already got most of the answer. 

It means that you understand you shouldn’t make assumptions about privacy concerns, as they will be different for each person because of their own experience and background.

You should also see that your response can’t be just ticking a box that you have policy in place that you can look at if the issue comes up.   The policy is a resource, not a solution.   You have a legal obligation to have a policy in place.  But the obligation you have to someone who agrees to give you and let you use their information could include more. 

When you understand that a range of concerns could exist, you then make decisions about your website and prepare for interactions with website visitors.  You anticipate what those concerns might be about, and the tone and content of what response you might make and what else could be done to address any concerns on your website already. 

You can also understand what information you are asking for and justify why you need it, rather than just want it.  This is what a customer might ask.   You can also check if you are getting more information than you need, as you really don’t want to be responsible for looking after more data than is necessary

If you interact with people through your website, be aware of what your employees are asking or discussing with visitors.  Some people are willing to share unexpected and detailed personal data, such as the medical information, while others won’t even want to give their name.   Employees should be trained to understand the issues, particularly junior and younger employees doing this job as privacy concerns are more than legal compliance.  It applies to what information you ask for, as well as what information your companies receive whether they ask for it and how you look after the information you are given. 

  1. Don’t make the mess any bigger

Follow some basic steps so you don’t become part of the problem, or the latest embarrassing example for others. 

Is your website compliant with privacy and personal data obligations?  If so, when did you confirm this and when will check again?  Is the website compliant everywhere it needs to be (in the world, that is.   Not in the policy itself).

You might want to take another look, just to be sure. 

 

If you’re not sure what to do, it’s a good sign.

If you’re not feel entirely sure about what is needed or what you should do, that’s not a bad thing.  False confidence about these issues would be far worse.  You will also be in good company, with the rest of us who must keep up to date to stay on top of it all.  This is an area which changes often and is affected by who and how your website is being used.  

Starting with this checklist might be helpful. 

  1. Now keep up with the issue

To stay on top, when you get to the end of the second point, go back to the first and do it again.  This issue will change as the uses of information evolve and as will how we react, particularly as we become more aware of how much information can be known about us through regular “normal” dealings. Expect to be asked questions about what else you now know about people and why.  

If you do enough and have a good reputation for dealing with privacy and personal data issues, you will probably also earn the trust of your customers.  Their trust is an asset of huge value, earned through the bargain your customers made when they handed you their valued and valuable name. 

 

Keeping your new asset safe with 2 simple questions

You can protect this asset and understand what might affect its value if you ask two questions before doing something that requires you to use or rely on customer information:

  1. Would a customer be surprised to find out that’s what the information is being used for?
  1. How would I feel if someone else used something they knew about me and did what we’re about to do as a result?

If the answer suggests that might not be what you or your customer bargained for (or if the answer includes the word “creepy”) you should probably think again! 

 

Find out if your organization is doing a good job of managing privacy concerns. 

Download Our Free Privacy Checklist

 

Topics: Strategy

Welcome!

Follow along as we scour the internet and bring you the best and most relevant updates on all things digital.

Subscribe to Email Updates

Recent Posts