Friday, 8th February, 2008
Have you met my data shadow? - 8th February, 2008
Why data privacy should matter to us all
I love data. Yup, sets, charts, trends and ratios rock my world. And as you probably know, many of the posts in this blog are about collecting and using customer data to drive your business forward.
So does that mean I’m advocating a business should collect and store every bit of personal data about its customers that it possibly can?
Do I share Google’s vision of storing 100% of user (ie your) data?
Not at all. I believe that when we ask for personal data from a customer, we must understand that we are being trusted with something precious and that we have a responsibility to limit what we take and how we use it to within boundaries that are acceptable to both parties.
Here’s my exploration of why.
Data is power
For a business, customer data is knowledge and knowledge, as the saying goes, is power.
The power to make strategic decisions, power to delight customers by understanding and surpassing their needs, the power to boost conversions and the power to make our marketing work just that little bit harder than our competitors.
Businesses don’t generally collect data because they’re evil, they collect it because they want to do what they do better (including, of course, making money).
But data can be stored. Data can be lost, stolen or exposed. Data can be used in innocence or corruptly for purposes very different from those imagined when it was collected.
The data in its own right is benign. But start aggregating it, storing it, analysing it - then suddenly its power is explosive.
Have you met my data shadow?
Like you, everywhere I go as I conduct my life on and offline, I leave a data shadow. Not only does that data shadow mirror my actions, but to some extent it also mirrors a distorted approximation of my thoughts.
(Anyone unsure how your data shadow might reveal what you are thinking should check out this article about the AOL data release, when AOL made public the web searches made by 658,000 of its users over a three month period.)
And my data shadow is being stored.
Maybe its only being stored to speed up my online shopping cart process, so that I am more likely to buy. Perhaps it is stored to record my travel history, while I earn airlines or reward points. But may be its being stored for some unspecified purpose that will be decided at a later date. (Check out for this rather scary Guardian newspaper article about Facebook as a good example).
But, if I have nothing to hide, does it even matter?
I believe it does matter very much.
Yes, on a basic level, I simply don’t want strangers knowing everything about me. But at a more philosophical level, I believe am more than the sum parts of my data shadow. The trouble is, what is being stored for future retrival doesn’t reflect that. In 10 years time I will not exist as I do at this moment - but my data shadow from today will.
And it will exist in a very different context (and perhaps political climate) to when the data was collected.
“There is a view that the storage of personal data is only problematic for those with something to hide. But we cannot know for sure how data we supply today will be used tomorrow - goalposts shift, governments change - and not all are benign. When in 1933 the population of Germany provided their personal data for census purposes, they could have had no knowledge of ultimate consequences.” From An Uncertain Voyage, A British Computing Society article by Barry Blundell.
The trouble with context is it can change
What if the supermarket loyalty card data which you have readily handed over in exchange for points was used to prove you drank too much wine over the last 15 years, thereby denying you access to healthcare?
What if your airmiles & Tripadvisor data was used to calculate your share of responsibility for global warming and you were fined accordingly?
What if of your barely known Facebook “friends” commits an act of terrorism and every shred of your personal communication data becomes evidence? (After all, Facebook even has your mobile phone number).
These may seem far-fetched examples, but they all relate to data we readily hand over and cannot simply retrieve if we change our minds.
Taking responsibility
As consumers, I think we have to think a little harder before we hand over our personal data.
And as businesses (especially us data-huggers) I think we have to remember ask ourselves not just if we want this personal information, but also if we really need it. Because ultimately, we should not demand or solicit from our customers any data we would be reluctant to hand over ourselves. And we should respect and protect customer data as though it were our own.
(A document Google inadvertently released on the Web in March 2006 said it was moving toward being able to “store 100% of user data,” citing “emails, Web history, pictures, bookmarks” as a few examples). See this interesting Wall Street Journal article for more on the subject of Google Plans Service to Store Users’ Data
