Dr. Pradeep Salgaonkar speaks about companies collecting personal data of customers and lists down points and ideas to protect their privacy
It is a fact that the personal data of customers is the new fuel for businesses and that more and more companies are involved in gathering customer data through various platforms such as social media, websites, mobile and laptops/desktops, and the Internet of Things (IoT). In addition, the types of data may include user’s IP address, a user’s location, past search queries, the ads that someone clicks on online, email id, phone number etc. Customer data is good for businesses, helping them make sound marketing decisions, targeted promotions, introduce better and improvised products that fulfil newer needs of customers etc. Few companies do disclose to the customer what data they are collecting and how it will be used. To cite an example here is an extract of notification that pops up when the web page of this company is visited. “We value your privacy – We and our partners store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products.”(https://www.information-age.com). This accounts for data collected with customers’ knowledge and consent and there should be no issue if it is used for the purpose for which it is being collected.
On the flipside, many companies collect personal data without consent or knowledge and is not without ethical issues and negative connotations attached to it from the customer’s point of view. Most customers are ignorant about the type of data that is collected and how it is used. Many times companies involve in invading and violating customer’s privacy by virtue of collecting very personal data, that a customer otherwise would not like to share. This data, at times, gets sold or circulated among interested parties unethically and most times is used for illegal activities, or spam marketing. At times, there are hackers who hack into companies databases and get access to personal data of millions of customers, which in turn is sold to third parties who target the innocent customers or use the data for other illegal activities including politicians to influence voters’ preferences, or for phishing attacks. Around 130 accounts of high-profile personalities and celebrities were targeted when Twitter was hacked through a phone spear-phishing campaign. More than 5,00,000 Zoom passwords were stolen and the details were put up for sale on the dark web.
One of the much-discussed cases is of Facebook, where data got leaked more than once. Personal information of over 533 million Facebook users from 106 countries was leaked online. A Telegram bot was used that exploited a vulnerability in a Facebook feature which allowed phone numbers linked to every account to be accessed for free. This included around 6 million Facebook accounts from India; Delhi being the worst hit with over 1.5 lakh accounts affected. Interestingly, it was reported that this leaked data included phone numbers and personal details of a number of high-profile individuals including the founder and CEO of Facebook itself. The Cambridge Analytica scandal is not to be forgotten, where personal information of around 87 million people was collected through a personality quiz app that many had accessed through Facebook, and is believed to be used to influence voters’ preferences by political parties.
The Big Question
So the big question that arises is whose responsibility is it to ensure customers’ personal data safety? Is it the customers themselves who should be cautious and not disclose personal data and take every possible care to protect their data, is it the companies which collect the customers data that should safeguard the data, or is it the Government’s responsibility?
Now that the bigger beneficiaries are the companies that are collecting this data, it becomes the principle responsibility of these companies to protect and safeguard their customers’ data that is willingly provided by them. Of course, not to forget the primary responsibility of customers themselves to be careful and vigilant about their personal data as to whom are they sharing this data and what data is being shared.
Once the data is shared, customers look up to the companies for a deeper level of trust. They trust the companies to protect every bit of their personal information that they share. They do not expect any sort of misuse of this data nor are they expecting a third party to get access to this data, through unscrupulous means. That means it becomes even more essential for companies to adopt such mechanisms and protective methods that will keep hackers and cybercriminals at bay. Trust is an essential element of customer relationships and companies should ensure that this trust is not breached at any cost. This calls for a greater responsibility on part of companies across all industries to ensure their customers’ personal data safety.
A review of research on customers’ expectations on data safety shows that about 79% of customers are concerned about data security and privacy issues. Moreover, about 72% customers believe that the data collecting companies are the best to protect their data and not the Government.
Companies Duty Bound
There is a dual challenge before the companies: (a) collecting required customer data and collecting it ethically with consent of customers; and (b) ensuring safety of this collected data, securely protecting it from hackers and cyber-criminals. This is very essential to gain and maintain customers’ trust in the business and thus healthy relationships. Companies, especially involved in small and medium size businesses, could take the following actions in this direction;
i. Invest in cyber security and update regularly: Do not be complacent or ignorant about cyber security, thinking that the business is small and it may not be a big concern.
ii. Strong passwords: Use very strong passwords and change them at regular intervals. Similarly use encryption to convert text to some other characters while storing data.
iii. Regular checks and tests: Cyber security systems functioning to be checked regularly just the way mock drills and checks are carried out to ensure system’s soundness.
iv. Monitor data regularly: For potential threats or potential loss of data, one should know what data is collected and where it is stored. Collect only the required data and do not keep data that is not required. It makes better sense if all data is stored securely at one place.
v. Limit access to data: Allow only a select number of people to access data with proper authorisation and authentication. At the same time, continuously train these people in the latest developments in cyber security.
vi. Transparency and truthfulness with customers: This will help develop trustworthy relationships.
vii. Safety as top priority: Make customer privacy and data safety the top priority in the company’s journey of customer focus and experience.
viii. Be prepared for the worst: Being prepared for cyber-attacks at all times will definitely help companies to face the crises, if any, in a much better manner.
Of course, there is a cost element involved in ensuring a cyber secured organisation, but it is worthwhile especially in the end ensuring customer loyalty and companies’ sustainability.
Every company today, especially the e-com players, need the new fuel – ‘customer data’, for running its business. Thus, it is mandatory for companies that they collect the required data most ethically and manage it to ensure total security of customers’ personal details and simultaneously build trusting relationships with customers by practicing transparency and sincerity.
The writer is Founder Director, Saldots Academy; corporate trainer and facilitator; past chairman of Goa Management Association. Email: pradeepsalgaonkar@gmail.com
