Skip to main content

Columbia Business Monthly

Preserving Trust: Tips for redefining privacy for you and your customers

By Tom Martin

Since the Cambridge Analytica/Facebook scandal first came to the public's attention in March 2018, the questions surrounding data privacy, especially on social media channels, has grown exponentially. 

In case you've already forgotten, Facebook admitted at the time that Cambridge had acquired data on some 50 million Facebook users without their permission. The story opened a Pandora's box of other revelations about how freely user information was being sold to advertisers or shared in different ways without the users' permission or awareness.

These revelations sparked a debate, that is still very much underway, about what constitutes privacy in today's world of cookies, data mining, click bait and likes. It has put some of the world's richest companies—Google, Facebook, Amazon and Apple—under the spotlight in a way they hadn't previously experienced. Leaders of these companies, like Mark Zuckerberg, have become regular fixtures at Congressional hearings, much like tobacco company CEOs were in the 1980s.

But the questions raised by this controversy aren't confined to the biggest players in the tech world. Every business—large and small—should be re-thinking its policies surrounding privacy and data security and how customer and employee relationships are being re-defined in this new era.

One of the first questions you should be asking is: How are you protecting your customers' data and privacy? Customers are more concerned than ever about hacking and the protection of their sensitive data, including credit card account numbers, passwords and personal information. Are you using a proprietary smartphone app in your business? How secure is the data collected through the app? Are you using location-based services to track customers? Do you monitor their activity on your website, and if so are you sharing or selling this information to others? How is your company using social media channels, and are you completely aware of how data relating to your customers and prospects is being used, sold, or shared by third parties? 

In any of these cases, how transparent are you with your customers about your practices and those of third parties you use?

Companies sometimes feel they can hide behind privacy statements, or terms of use agreements on their websites. Legally this may be true, but how well will your policies hold up in the court of public opinion? Ask Wells Fargo, Target, Home Depot or a host of other companies how much their reputations suffered from data breaches with their customers. They no doubt had legal protections in these cases, but that didn't shield them from reputation damage when the news hit the fan.

There are other questions about privacy issues relating to your employees. How are you managing their on-line privacy? Do you monitor their on-line activity in the workplace? How about when they are away from the job? 

Some companies now routinely require current employees, and even those applying for jobs, to share passwords so that they can monitor their social media activity. There are certainly legitimate reasons for companies to be concerned about what their employees may be sharing about proprietary company information. They may also want to be aware of public positions employees may be espousing that are contrary to the organization's core values. Like it or not, if a social media user's company affiliation is public, that person's stance on controversial issues is inevitably linked to the company itself.

Employers should be clear, consistent and transparent in discussing these issues and policies with employees. It is getting tougher and tougher to separate our work lives from our personal ones. But these issues don't disappear just because they aren't discussed honestly and openly.

According to Pew Research, 70 percent of all Americans are now using social media channels on a regular basis, and the number is closer to 90 percent among younger audiences. In one Pew survey, more than half of those responding stated that they lacked confidence in how social media sites were using their information. And in a similar survey last year fewer than 10 percent expressed confidence in social media companies protecting their data. 

The major social media channels face an existential dilemma in that they derive a significant percentage of their revenue from advertising dollars that are directly related to user data they collect. Their great challenge is to balance this need to generate profit from the popular applications they are providing with the requirement to preserve trust with the customers they serve.

The European Union took on this issue last year by implementing the General Data Protection Regulation (GDPR) and it has already changed behavior by both European and U.S. companies as they seek to comply. But every business should be examining its own approaches, with or without similar U.S. legislation. Earning trust from customers and employees may be the starting point, but preserving that trust requires an ongoing commitment.