[Column] Andrew Bourne: Why businesses should ensure data privacy in vendor relationships
Whether we realize it or not, we are being tracked everywhere we go on the Internet. In fact, Internet surveillance is so widely used that several vendors have built businesses worth billions of dollars using this model. The websites and descriptions of these renowned data brokers and aggregators openly display the depth and breadth of the information they gather. However, in plain words, it’s a complete surveillance of our digital life.
An innocent facade with severe privacy risks in the background
Called adjunct surveillance, this kind of on-the-sidelines data collection is pervasive not just among B2C companies but also in the B2B space. Around the globe, businesses may unwittingly be providing third-party service vendors with not only their own data but also that of their employees and even customers. For example, it’s common for businesses to embed third-party tracking services (like Google Analytics, conversion tracking, and DoubleClick ads) in their websites to understand prospect preferences, improve user experience, and also reach a wider audience.
To get an overview about the depth of tracking employed today, simply plug any website’s URL into one of these websites and extensions. The personal data collected by the tracking cookies are usually sold by the third-parties to the highest bidders (usually advertisers) for profit maximization. The information can be used by the advertisers to build a detailed profile about us from our personal preferences to our identity.
Moreover, if the third-party vendor collecting the data doesn’t have robust security, it could result in a data breach that leads to exposure of customer data and sensitive business information. An average data breach today costs US$3.8-million, which can have an irrevocable impact. There are also legal implications. In Kenya for instance, the Kenyan Data Protection Act allows for a fine up to five million Kenyan shillings as well as up to two years imprisonment for companies found not to have taken adequate measures in protecting their customers’ data.
Fortunately, with a little education and by judiciously choosing the right technology providers, companies can keep adjunct surveillance at bay.
Maintaining data privacy in vendor relationships
When it comes to ensuring that the technology vendors your business works with do not mishandle your customers’ personal data, there are several important steps you can take. A good place to start is by choosing vendors that do not rely on ad-based revenue models. Online advertising and data privacy are mutually exclusive. Any vendor that runs a business by displaying ads within their offerings in return for their freemium software cannot guarantee full privacy for you, your employees, and your customers.
It’s also a good practice to check whether your vendors follow a security-first approach to protect personal data such as using robust encryption techniques and securing data transfer channels. Further, a regular assessment of their privacy policies can help you understand if they are as open and transparent as possible about what information they’re collecting, if they follow a clear consent system, and what they use the data for.
Protection over profit
Ultimately, protecting user information should be more important than profit. Any vendor that doesn’t understand that and make it an active part of their policy doesn’t deserve your business as a customer. Not only are they riding roughshod over what should be a fundamental right, they’re actually putting your business at jeopardy.
Moreover, the times are changing. In the backdrop of increased privacy risks, today’s digitally aware consumers are steadily leaning towards businesses that hold data privacy as one of their core value offerings. It’s no secret that present-day customer preferences shape tomorrow’s business reality. In which case, companies that set themselves ahead in this global privacy awakening, and become vocal and transparent about how they handle their customers’ personal data will maintain a competitive edge.
Andrew Bourne is Zoho’s Regional Manager for the Africa region and is based in Cape Town, South Africa.
Follow us on Telegram, Twitter, Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates.