My role is a fairly new one that reflects one of the great challenges technology poses to modern life: I am a privacy officer.
To me, privacy is not primarily about securing data (although that’s a critical part of it). Privacy is about the ability of individuals – the “data subjects” – to control the access that others have to their personal lives, personal beliefs, habits, and desires. I spend my days obsessing over the question, “How do we sell a great product that’s also committed to protecting the privacy of our end-users?”
Privacy is about ethics. It is about doing the right thing, and not the thing that you have the right to do. Big difference!
Privacy doesn’t happen by accident.
I follow the six pillars of “Privacy by Design,” a new concept that’s badly needed in our new world. I am committed to:
1. Fairness and Transparency.
2. Giving people choice and control regarding their data.
3. Minimizing – collecting only the information that’s necessary.
4. Being lawful.
5. Making sure that the data is secured.
6. Being accountable for what my business does.
Privacy by Design has become necessary as technology has become more and more intertwined with our personal lives.
Think about our homes. They can be locked, and nobody can enter without our permission. We and we alone choose who can see, touch, and handle our possessions. We don’t hide them, but we do decide who can and can’t have access to them.
It should be just the same with our digital assets. There is no need to hide our personal and sensitive information, but we should have full control over what happens to it.
Manipulating people starts with invading their privacy.
The recent Netflix documentaries The Social Dilemma and The Great Hack show that when our personal data is shared carelessly or unethically, organizations can take advantage of it – and us. With advanced technology, they know us almost better than we know ourselves. And they can manipulate our decisions about what to buy, where to go, whom or what to vote for. Of course, they use this information to promote their own businesses and agendas.
Nearly all of us are active on social networks or purchase goods or services online, so we can all be exposed and manipulated. It sounds worrisome – even scary. But does it have to be like that?
Here’s where my role comes in. I help organizations provide products or services in such a way that their customers’ privacy is safeguarded and not jeopardized.
What you give away every time you act online.
Let’s take a look at what happens when we shop online:
When you place an order online, the business you’re buying from collects personal data that is required to fulfill the order, such as your email address, your phone number and your physical address. They usually get your credit card number and sometimes even information about your health.
As soon as you complete your order, all the data you provided is sent to be stored on the business’ database, hosted on one of the large data-hosting clouds. While your personal information (PI) is being stored, someone needs to maintain the hosting facility. How can we guarantee that this someone will not retrieve your PI and sell it to the competitors of the business that collected it?
The PI is also sent to the fulfillment facility so the order can be prepared and shipped to the customer (you). How do we know that your PI is secure and hackers cannot penetrate the facility’s network and steal it? Consider just your home address – were you home when your item was delivered? What does this say about your routine and schedule?
And that’s just the start.
In addition, your PI is sent to a number of other service providers, such as email delivery platforms, post-sales survey and UGC platforms.
Ultimately, collected data is sent to data engines that analyze it to learn more about consumer behavior – to learn more about us. By knowing us better, businesses have a better idea of what products and services to develop to align with our desires. But is that really bad? We may feel nudged to buy more, but even this may be in our best interest – for example, we may get a great price on something we’ve searched for for a while. There are many scenarios in which being targeted means being offered things we truly want.
I am the moat around your privacy. And the drawbridge isn’t let down without your consent.
As a privacy officer in the B2B e-commerce space, my job is to make sure your personal data is protected whenever any new product or service is developed or an existing one is modified. Whether for EU residents protected by the GDPR, CCPA for California residents, the Brazilian General Data Protection Law (LGPD) or for consumers elsewhere without such local regulatory protection, PI must be protected by regulating the ways in which data can be used. Software-as-a-service companies, like the one I work for, must build a global privacy program that will safeguard all the personal data it collects, regardless of where the data-subject resides.
When a business wants to reassure worried consumers, it can point to its commitment to the six pillars of Privacy by Design, and it should guarantee that all its service providers, partners, and vendors also commit to the same standards. Businesses must clearly explain to their customers what will happen to their PI and why. Consumers have the right to object (or “opt-out) to where their data will be sent, even if it means that they miss some of the purchased services or product features. They also have the right to change their mind and reverse the consequences by asking to be “forgotten.” And each business must make a public commitment that its customers’ data is protected by making its terms and conditions or terms of service accessible to everyone.
Along with global regulations and the Privacy by Design initiative, privacy professionals like me help build confidence that businesses are committed to respecting consumer data and using it only for the purposes the “data subjects” have actively agreed to.
The interests of businesses and the interests of customers only appear to be at odds; in fact, they are closely aligned. A commitment to privacy can be a business advantage – and remember, every single business person is the customer of countless companies, too.