Companies worry about privacy for regulatory or compliance reasons. They should worry about it to keep their shareholders happy.
Microsoft global chief privacy officer Brendan Lynch – and ex-pat New Zealander – says staying on the right side of the authorities is a good starting point. But it’s time to see privacy as a way to get a strategic advantage, build customer trust and add business value.
There’s a classic case study on how not to do this. Lynch says a few years ago ISPs in the US and UK realised they were sitting on a gold mine of customer data. By mining the data on their customer’s online behaviours they could build valuable profiles which they could sell to retailers.
Not surprisingly there was a consumer backlash. It was a classic example of how to step over the line of acceptability. The ISPs had to reverse their course, trashing reputations and relationships.
Trends driving customer trust
Lynch says five trends drive the need to secure customer trust on privacy.
- Ubiquitous computing. Computers are embedded in other devices. This changes privacy dynamics. You’ll find them in smartphones, cars, home automation hardware and wearable devices like Fitbit. Lynch says the number of devices with an IP address is increasing at a massive rate.
- New modes of interaction. The way we use computers is changing. It’s no longer just about a keyboard. They are touch enabled, speech recognition and other more natural experiences such as Microsoft Kinect which can recognise faces, gestures and biometric data.
- Big data and the shift to the cloud means the amount of stored data grows exponentially.
- Ability to customise experience. Lynch says this will transform sectors like health and education, but customisation comes at a privacy cost.
- Role of government. Public sector organisations collect and increasingly use data in similar ways to the private sector. Agencies have learnt they can deliver services more efficiently by collecting data and sharing it with other agencies. A new twist on this is that there’s a growing body of private sector data public agencies could use.
Lynch asks organisations to consider how they can be good stewards of the data they collect, how they can keep the promises they make and to keep up with the growth in data. He also says there are issues with keeping users informed about their privacy when policy documents get ever more complex.
So how does Microsoft deal with privacy?
Lynch says it started 11 years ago with its Trustworthy Computing Initiative. It was a company wide programme of building security, privacy and reliability into products and services.
Today the company has 800 full-time privacy professionals – about a third report directly to Lynch, the rest work in divisions around the company. He says Microsoft publishes its internal privacy standards.
Microsoft’s move from being a software company to selling devices and services presents new challenges. Lynch says the company has been in services since the 1990s with products like Hotmail and has learnt to ask questions like “are operating the service securely” and “are we keeping the promises we make to customers”.
Privacy is too complex for many users. Lynch says people don’t have the time or motivation to read consent notices. So there’s a move towards placing more accountability on organisations and an increased emphasis on fair use ideas.