By now you’re probably tired of hearing about Cambridge Analytica, but there is something you may be overlooking; Cambridge Analytica is bigger than Facebook. What matters isn’t just how Facebook adjusts its data privacy approach. Other businesses, including publishers, need to get serious about protecting their consumers’ data.
Any business that operates online has a duty to keep its customers’ and/or visitors’ data safe. But most publishers are not taking adequate steps to protect people’s data. Organizations betray consumer trust in two ways:
- They knowingly use personal data in a way that consumers aren’t comfortable with or informed of, i.e., selling it to a third-party.
- They fail to take the necessary precautions to keep consumer data safe online.
Betrayal #1 is getting a lot of attention right now, but companies and consumers should be just as concerned about #2. Let’s take a look at how you can ensure data privacy for your audience.
Take data privacy and protection seriously
Even in the wake of the Equifax hack, which affected even more consumers than originally estimated, only 39 percent of organizations consider cybersecurity among their top concerns, according to a recent survey. Not only does this put your business at risk, it also suggests that you are out of touch with your users. People are increasingly concerned with how their data is being used online. According to a recent survey by Forrester, 61 percent of US adults expressed concern over how companies are using their personal data.
Keeping audience data secure is about more than being mindful of how you use it. You also have to protect yourself from breaches. Companies that invest more in IT security experience 6.8 fewer breaches and save more than $5 million than those that invest less. You need to prioritize cybersecurity and invest in the resources needed to keep your business and your customers secure.
Be upfront about what data you are collecting and why
Historically, it has been easy to bury how you are using consumer data in dense privacy policies that nobody reads. That is not going to fly anymore. The recently implemented General Data Protection Regulation (GDPR) gives citizens in the European Union (EU) more control over how their data is handled. If you are doing business in Europe, you are legally obligated to be upfront about how you are using data, and to obtain consumer consent. Failure to do so will result in hefty fines. More stringent regulation in the U.S. is most likely imminent. Senate Democrats recently proposed the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act which would impose GDPR-like data privacy rules in the states.
Compliance aside, being upfront about the consumer data you collect is a way to show your audience you respect them. In the marketing world, data is a hot commodity, but never sacrifice user trust for monetization purposes. Explain your data policy in plain English. If you are working with a third party, your audience has a right to know.
Allow users to opt out
Imagine you go to the grocery store and someone follows you down the aisle, jotting down your every move. You confront the guy and he tells you, “Don’t worry! I work at the hamburger factory. We are simply trying to figure out your likes and dislikes, so we can improve our patties and our marketing strategy.” You would probably say, “OK, but please stop following me.” This type of tracking is disconcerting in-person, and it is just as off-putting online.
Let’s take the scenario one step further and imagine the hamburger guy says, “Sorry, I can’t stop following you. If you don’t like it, leave.” Would you take your business elsewhere? Of course! Online businesses need to give users the option to opt-out of tracking they deem too intrusive.
People are generally willing to share personal information in exchange for something, such as rewards or a personalized user experience. If you are collecting personal data, explain how this may benefit your audience. This information can be communicated via a pop-up on your site or email. Many consumers realize that publishers, particularly ones that don’t have subscription models, use data to power their advertising, and that advertising subsidizes the content. That said, if people feel uncomfortable with how their data will be used, there should be an opt-out option with the simple click of a button.
Post Cambridge Analytica, Mark Zuckerberg rolled out a new privacy control called “Clear History” that allows users to opt out of browser history tracking. This means Facebook will lose out on some data it could be selling for advertising, but it is worth it to win back consumer trust.
Encrypt your data
Encryption is a way to protect consumer data either while it is stored on a system or device or while it is in transit. Encryption comes from the Greek word “kryptos,” which means hidden or secret. When you encrypt data, you transform it so that only the intended parties can read it. This is all done automatically using encryption technology.
If you are not encrypting your data, you are basically a prime target for cybercriminals. Should they infiltrate your network, it would be easy for them to use the information they find. On the other hand, if your data was encrypted, the criminals would not be able to use it, or they would at least have to work harder, employing nefarious decryption tactics to interpret it. Encryption doesn’t guarantee fraudsters can’t interpret your data, but at a minimum, it slows them down and deters them from making future attacks.
Use TLS certificates
Transport Layer Security (TLS) certificates are digital certificates that authenticate the identity of a website and encrypt information sent to the server. They are used to ensure a secure connection and protect user data. TLS certificates are particularly important when users need to share confidential information, such as an address or credit card number. Consumers can easily recognize these sites as secure because they begin with HTTPS:// instead of HTTP://.
Starting this July, Google Chrome will flag sites that do not use SSL certificates as unsafe. If people receive this notification upon trying to visit a site, it will deter them from sharing personal data. They may not visit the site at all! Failure to use TLS certificates also negatively affects your Google ranking and compromises users’ trust.
Hire an IT expert or partner with an IT firm
Do not skimp out on IT. Work with an expert to assess your approach to cybersecurity and take the necessary measures to improve it. This person or firm will ensure you are firewall-protected, using appropriate data backup methods, and that your in-house data sharing policies do not put consumer data at risk.
Publishers should not give away user data without consent, but failing to protect that data from cyber breaches can be just as detrimental to their audience, and the publisher’s reputation. Many businesses are not taking enough steps to protect data, either because they are not aware of best practices, or they don’t think data security is worth the investment.
For publishers, competing with the likes of Google and Facebook is challenging. Ofcourse, you are looking for ways to save money and drive the bottom line. But data privacy is not the place to cut costs. To maintain audience trust, you must be open about how you use consumer data and take every means available to protect it.
Cambridge Analytica may be the wake-up call we need, not just for Facebook, but for all organizations that operate online.
I’d love to hear your thoughts. Do you think publishers are learning from Cambridge Analytica? Are they investing enough in data privacy and protection?