Don’t take your users’ data for granted

Privacy questions are swirling around the Internet, surrounding Google, Amazon and ISPs like a fog. So much so that the EU’s (much unused) Data Protection Directive is beginning to move front and centre in the fight for privacy. Many people have a level of distrust regarding corporate databases and are concerned that too much information is held about us on too many systems, and without our permission.

The easiest way for corporate bodies to deal with the issues is fourfold:

1. Be transparent. Be very clear about the information you gather: not just the explicit information that comes from people actually leaving personal details, but also the fact that you will record all their activity forever, including phone calls and direct mail.

2. Be honest about why you need the information. If you use the information for behavioural or segmentation targeting then say so, and avoid hiding behind bland statements such as “to improve your user experience”. The correct use of personal, learned and segmentation information can and does improve the visitor’s experience, but you need to go a step further and explain why in plain English, and even with a few examples.

3. Allow easy access to your data controllers. Don’t insist that web-site visitors send a letter to a mysterious PO box; give them an easy way to communicate with the people who control, clean and manage the corporate data. This will reduce the occurrence of bad data, which is a good thing from everyone’s point of view, and usefully opens out the management of the data to the crowd, simplifying the process of keeping information up to date.

4. Respect the value. Many corporates hold personal information on millions of people and therefore often view the data as a sea of information to be mined at will. To the individuals it’s highly personal, so you really need to tell your users what you are doing with the data and apply a modicum of security when storing and moving data around. The web has lots of good solutions to security, from simple mechanisms like Secure Sockets Layer (SSL, or HTTPS) to encrypting databases.

In many ways it’s a great way to use the power of your brand to reassure your visitors, and it works well if the user/customer/client is placed at the heart of your brand. If you don’t have an established brand then you can piggyback using established security brands such as Verisign.

Different markets have different sets of challenges; I doubt very much a user is that bothered about the security used to store her postcode or street address. It’s a different kettle of fish with email addresses, credit card numbers, healthcare data and financial information. This means entire industries (such as financial services and healthcare) have to be ultra-careful.

There are some serious risks if you get left behind. There is a growing trend in users adding security layers and data acquisition blocking systems to their browsing sessions and this is likely to spill over into core browser functionality. If you don’t get your house in order you could find yourself playing catch-up.

  • Jerry Pank

    Even the police don’t know the rules!

    Information Commissioner Christopher Graham said: “I cannot bark at the industry at the moment because I have not got the regulations.”

    However, Mr Graham stressed that the government’s confession that the regulations will be delayed should not be a spur to inaction.

    “My message is that this is not your ‘get out of jail free’ card,” he said.

    source: BBC – http://www.bbc.co.uk/news/technology-12668552