by Haidee LeClair, Senior Content & Community Manager
Every day, personal information is monitored, collected, used, and sold. Millions and millions of pieces of information are available, yet too often, protecting data privacy has been overlooked. That’s changed in the last few years with some pretty significant legislation, including reform in the General Data Protection Regulation (GDPR) from the European Union (EU), which went into effect May 25, 2018. Shortly thereafter, new rules in Canada’s data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), went into effect on November 1, 2018 (the original law went into effect on April 13, 2000). In the United States, California is leading the charge with the California Consumer Privacy Act (CCPA), designed to protect data privacy. It went into effect January 1, 2020. Many expect that federal legislation in the United States is not far behind. Yet data and data privacy and protection have changed in unimaginable ways since COVID-19 spread around the world. Here are a few data privacy considerations you need to think about.
The global information economy was already growing rapidly before COVID-19 hit, and companies know that there’s tremendous value in using and exchanging data. Gathering information is fast, easy, and unexpectedly inexpensive. Meanwhile, much of this data consists of personally identifiable information (PII), which is protected by a growing range of regulations. So what do you need to know about the changing data privacy landscape, and how do we need to think about both the data privacy risks and the role that data plays in responding effectively to COVID-19?
In what felt like the blink of an eye, work meetings, social interactions, education, exercise classes, and shopping all moved almost exclusively online. Obviously that shift included a lot of confusion, stress, and an overdose of screentime. What many have overlooked is all the data that is now captured by organizations operating the digital platforms where we now live. They’re collecting increasingly large volumes of data, and much of it is highly sensitive information. That not only increases the risk of privacy harm for individuals, but also increases the risks of reputational damage and loss of trust for the organizations collecting that data if they fail to protect it.
“Building in privacy by design will help to protect individuals and maintain trust.” -Bernardo Mariano Júnior, CIO, World Health Organisation
Now that life has moved online and organizations are collecting more data, who are these organizations? There are three broad categories:
Established digital platforms, including social media, whose customers are using their services more intensively.
Organizations with some pre-existing digital footprint who are now scaling up to meet new and unexpected demands, such as restaurants adding online delivery services and takeout groceries.
Organizations launching completely new online services.
For all three categories, organizations must build and maintain trust with their customers. This may be a great challenge for those who don’t already have established practices for handling customer data. They likely already know that data is powerful. Used well, it can provide the insights to fuel their organization. But data use can also feel creepy to consumers, which might lead a customer to avoid that organization in favor of another. Essentially, loss of trust and customer churn – exactly what they want to avoid. The second two categories must plan to protect customer data and consider carefully how they can use it responsibly.
Some of the most valuable data today is collected by observing how a user interacts with a platform. Shoshana Zuboff, author and Harvard professor, argues that we live in an age of surveillance capitalism. Our user interactions amount to surveillance, according to Zuboff. The times of day a user is active, the devices they use, or the options they consider before adding an item to their shopping basket all provide rich insights. Companies use this information to build surprisingly detailed profiles, which help them to move consumers towards actions that benefit the company. Collecting and using data carries two related risks.
The first risk to consider is the potential privacy harm to the individual. This might occur when data is used in a way the consumer did not expect. When an organization uses information in a surprising way, consumers often feel like it is creepy, which can lead them to lose trust in that organization. Right now, feeling that way is particularly challenging, because many consumers have little choice but to use an online option in order to comply with social distancing measures. Risk also increases as more people use online services. With more data points, digital profiles become more complete. An organization suddenly knows a lot about you that you didn’t intentionally share.
In addition, services more commonly used in corporate settings are now hosting many new types of digital interactions, from birthday parties to legislative debates. Do the service provider’s existing privacy policies and protections remain appropriate for new types of users? Or do they need to be reviewed?
Second, loss of trust and reputational damage become greater risks to the organization, Policy responses, including the regulations cited above, help address data privacy and protection issues. These regulations play a critical role beyond protecting privacy. Indeed, adhering to the regulations helps build trust between individuals and organizations. What other data privacy considerations are necessary?
As organizations respond to the rapid transition to digital-first experiences during COVID-19 social distancing restrictions, it’s essential to focus on building and maintaining customer trust. A clear, comprehensive approach to data privacy is critical.
It’s inevitable that some of the new data collected is highly sensitive. For example, a government may allow online supermarkets limited access to data on vulnerable people, who can then use that data to prioritize deliveries based on need. That data enables positive outcomes for vulnerable populations. However, despite pressure to move rapidly to solve a problem, it’s vital that organizations ensure the core principles of data protection. By planning appropriately, they can provide transparency and limit the purpose of data use, and continue to govern their data use. This approach builds trust by protecting data privacy, which will help ensure that organizations respond quickly to market needs and emerge from unexpected events like COVID-19 stronger than ever.
We live in an increasingly data-driven world. Each one of us generates a surprising amount of information every day, and businesses are collecting it. While the current pandemic won’t last forever, we can expect that many of the shifts to digital experiences will remain – more employees will work from home more of the time, schools will almost certainly offer more digital and online learning experiences, and friends may find it more natural to connect online. This is why it’s essential for every organization to improve their understanding of the data they collect — and facilitate the safe use of that data. Taking these data privacy considerations into account can help us improve both business outcomes and consumer experiences. What we need to remember is that it’s also essential to preserve every individual’s right to privacy.
Watch this video with Bernardo Mariano Junior, CIO of the World Health Organization, and Malcolm Moore, Technology News Editor at the Financial Times exploring the use of data to optimise the global response to coronavirus.