Is your privacy worth $1/2 Billion? It is to some people.
Privacy issues are of paramount importance to organizations operating in the digital landscape – and to their customers. Understand the implications, have the right policies, and make sure they are being followed.
- Don’t ask for more info than you absolutely need
- Don’t assume your customers share the same attitudes about privacy
- Obey the golden rule; care for others info as you would want your own treated.
- Stay up to date.
- Confirm you compliance, and start with our Privacy Checklist
Where’s the value in a name?
Could you put a value on your name?
Our name has such value that we will spend money and go to court or risk injury and go to battle to protect or defend our name. We mark someone’s achievement and show respect by putting their name on buildings, roads
Our name has value because of what it means, but also because of what it does.
Our name makes us unique; it’s how we identify ourselves, and how others identify us. Whatever else about us might change, or age, height, weight or appearance, our name is the same. The sharpest scalpel and most skilled plastic can change many things about you, but not your name.
Our name is how people can find us and know when they have, as only we can say “yes that’s me
Our name is what we also must change to avoid being found, as it cannot be disguised. When you change your name, to the rest of the world you become a different person.
Your name is currency which you use every day
With all that means and all that it does, what is your name worth to you.
We already use our name as if it has actual monetary value to us. Whether we
While we may trade on the value of our name, what price would we think is a fair one for our name in the bargains we make? Does $560 million seem like enough?
It wasn’t for one person.
On 6 January 2018, one person came forward with a winning ticket for $560 million jackpot in the New Hampshire Powerball lottery. Despite losing
To receive the jackpot, she would have to agree that her name would be made public. For her, it was not enough that she would get $560 million as a result. She didn’t want
The rule in New Hampshire lottery is the same with most lotteries. The winner’s name is needed for two reasons. The lottery must maintain its integrity and encourage people to keep buying tickets. The winner’s name lets the lottery do both. It confirms that someone really did win, and seeing a lottery winner holding a huge cheque for a huge amount makes people keep hoping and keep buying lottery tickets. The winner’s name is what keeps the lottery going.
$560 million doesn’t go as far you’d expect – in New Hampshire anyway
This means that the bargain is that in exchange for the use of their name this way, a lottery winner will receive the jackpot.
The New Hampshire winner understood this bargain and how her name would be used by the lottery. The problem for her was about what other uses might be made of her name after it was made public. Because of the unexpected ways other people might use her name and the risks she would face as a result, she couldn’t
Who could blame her?
Not only have previous lottery winners been the victim of theft, fraud, extortion and endless demands for money from people they haven’t met or didn’t remember were related, some have suffered physical attacks, injury and been killed after people learned about and made contact with them because of their lottery luck. The lottery operator could do nothing to address this concern so long as the existing rule was enforced.
We all spend like lottery winners every day.
While the example is extreme, the same worry can exist for anyone in the bargain we all make every time we are asked for and give our
When someone gives their name for any of these reasons, the value to them of what they will get is at least equal to the value of their name which they give, because of how they expect their name to be used as a result. If there is a reason to think it could be used in other ways, the risks of such unexpected use might be too high for someone to feel they have received enough to balance out what they have given. In New Hampshire, the bargain asked too much from the lottery winner for her to agree.
For anyone who feels uncomfortable about giving out private information, particularly online, it could be the same. The bargain will be harder to agree, the more risk they feel as a result of giving out their personal information, which is what you might
The concern people have about what else you might be able to find out after they give you their name comes from increased awareness and concern about invasions of privacy in all aspects of our lives.
Is your organization a good custodian of your customers' privacy?
Just because we know people are
The potential for invasion of privacy seems to be everywhere from CCTV cameras on the street to the things we buy and are in our homes. It’s no longer means you could be paranoid or a believer of conspiracy theories to accept how easy it might be for someone to invade your privacy and get information about you.
Whether that means someone will actually do so, by using our laptop, smart TV, mobile phone or that new thing sitting on a table that answers the questions we ask, at some level we think it’s possible.
Whatever risk might actually exist or however we each feel about that, issues of privacy and concerns about the use of information will affect what information you ask them to provide online, and how reluctant they are to provide information or question why it is being requested and how it will be used.
For the lottery winner, there was nothing the lottery operator could say to reassure, as it was the actions of other people and their unexpected use of information that was the risk for her.
We expect the unexpected, but that only makes it worse.
The same risk can be felt by any of us, as there are obvious reasons to worry about
We can start with any recent accidental disclosure of private information which
Then, there are companies which intentionally misuse or disclose personal data, often for the company’s financial gain.
The most difficult reasons for concern are from companies that do something with information which causes concern, not because it is illegal, but because it was unexpected. This can be how the information was used or because the company used
When Netflix and Spotify acted like our friends – for the wrong reason
When someone who (we assume no longer) works for Netflix sent a company tweet in December 2016 saying, “To the 53 people who've watched A Christmas Prince every day for the past 18 days: Who hurt you?” some people saw the
Netflix subscribers might also wonder just how closely Netflix was watching them at the same time they watched Netflix. It wasn’t a secret that viewing history was tracked by Netflix as that’s how the site makes recommendations. What was unexpected was the reminder that someone was watching and keeping track, and that the information could be used that way. Not many would expect their Netflix subscription would be used to poke fun and mock them. That’s what expect from your friends and family. Not from Netflix.
Netflix was following the clumsy example of Spotify’s 2016 ad campaign in which they shared insights taken from customer data. Some of the insights were very personal such their message which
The best/worst example of
this was not the bargain people agreed to when they handed over their name and other private information.
Sometimes saying you didn’t break the law makes it all worse.
When these companies saw a negative reaction, they all responded by confirming that there was no breach of privacy rights in how information had been used and it was also covered by what customers had agreed to when they clicked “accept” on the company's terms and conditions.
What they also confirmed was that they all missed the point and didn’t see what else might have been a reason for concern.
It’s unlikely that it many people even cared whether the companies used the information legally or not. It was that the fact that the companies showed that they would use information about their customers in ways we didn’t expect, and in doing so make their customers (and the company) look stupid. In relation to Netflix and the smug tone of their original tweet, the irony is remarkable.
The greater concern the companies didn’t acknowledge was that this was not the bargain people agreed to when they handed over their name and other private information.
When you look at all the different factors and reasons for concern, what can you do to respond to each person’s personal level of comfort and be able to
3 suggestions and 2 steps to deal with someone else’s mess
- Acknowledge that different concerns will exist and be prepared to answer them.
By asking what you can do to respond to each person and their individual concerns, you’ve already got most of the answer.
It means that you understand you shouldn’t make assumptions about privacy concerns, as they will be different for each person because of their own experience and background.
You should also see that your response can’t be just ticking a box that you have policy in place that you can look at if the issue comes up. The policy is a resource, not a solution. You have a legal obligation to have a policy in place. But the obligation you have to someone who agrees to give you and let you use their information could include more.
When you understand that a range of concerns could exist, you then make decisions about your website and prepare for interactions with website visitors. You anticipate what those concerns might be about, and the tone and content of what response you might make and what else could be done to address any concerns on your website already.
You can also understand what information you are asking for and justify why you need it, rather than just want it. This is what a customer might ask. You can also check if you are getting more information than you need, as you really don’t want to be responsible for looking after more data than is necessary
If you interact with people through your website, be aware of what your employees are asking or discussing with visitors. Some people are willing to share unexpected and detailed personal data, such as the medical information, while others won’t even want to give their name. Employees should be trained to understand the issues, particularly junior and younger employees doing this job as privacy concerns are more than legal compliance. It applies to what information you ask for, as well as what information your companies receive whether they ask for it and how you look after the information you are given.
- Don’t make the mess any bigger
Follow some basic steps so you don’t become part of the
Is your website compliant with privacy and personal data obligations? If so, when did you confirm this and when will check again? Is the website compliant everywhere it needs to be (in the world, that is. Not in the policy itself).
You might want to take another look, just to be sure.
If you’re not sure what to do, it’s a good sign.
Starting with this checklist might be helpful.
- Now keep up with the issue
To stay on top, when you get to the end of the second point, go back to the first and do it again. This issue will change as the uses of information evolve and as will how we react, particularly as we become more aware of how much information can be known about us through regular “normal” dealings. Expect to be asked questions about what else you now know about people and why.
If you do enough and have a good reputation for dealing with privacy and personal data issues, you will probably also earn the trust of your customers. Their trust is an asset of huge value, earned through the bargain your customers made when they handed you their valued and valuable name.
Keeping your new asset safe with 2 simple questions
You can protect this asset and understand what might affect its value if you ask two questions before doing something that requires you to use or rely on customer information:
- Would a customer be surprised to find out that’s what the information is being used for?
- How would I feel if someone else used something they knew about me and did what we’re about to do as a result?
If the answer suggests that might not be what you or your customer bargained for (or if the answer includes the word “creepy”) you should probably think again!
Find out if your organization is doing a good job of managing privacy concerns.