The “Data Customization and Privacy -- Can They Coexist” panel at South by Southwest Interactive (news, site) explored the risks and challenges of collecting data from consumers. As increasing amounts of user-centered content is collected, organizations drive business workflows based on user details. Technologies such as the semantic web make it possible to link disparate pieces of information about users. A privacy or data protection mistake could result in significant issues for technology leaders.
Gerard M. Stegmaier, attorney for Wilson Sonsini Goodrich & Rosati, said, “Once personal data is out of the box, it’s out of the box for good. It can’t be put back in.”
Organizations can’t stop collecting personal data. The business value of consumer data is too high, and consumers have come to expect personalization, so technologists must find a way to safely support it and ensure legal/regulatory compliance. As adoption of technologies such as web 2.0 and web engagement management increase, so does the enterprise risk and accountability for the collection, use, disclosure and stewardship of personal data. Many enterprises have learned this the hard way:
- A pharmacy sent a group email to notify customers that it was time to get a drug refill, exposing health data between a group of strangers
- The CTO of AOL resigned after the company (allegedly) accidentally released 20 million keyword searches for more than 650,000 users
Today, organizations don’t just have a corporate website with a customer form. Enterprises are engaging via social media, collecting location data from mobile devices and interacting in ways that weren’t conceptualized a few years ago. The environment can be overwhelming for those who have to enable implementation, but, according to the panelists, a number of steps can be taken to be better equipped for managing personal data.
- Identify and assign one or more resources to address privacy and data protection. Addressing personal privacy requires collaboration between legal, marketing, IT and other areas.
- Understand what exactly what data is being collected, how it is being used, who will have access and how long it will be retained across all channels.
- Invest in privacy and data protection training.
- Ensure that an incident response plan is in place in the event something goes wrong.
As technology evolves, so will concepts of privacy. Insightful technology leaders should not assume that, just because they collect or host personal data within their system, they are free to use it however they desire. When it comes to personal data, everyone has something to say -- consumers, regulators, privacy advocates, technologists, legal and marketing -- and it's in your best interest to listen.