Some events in the past few months have thrown up risk issues that companies need to handle effectively. Corporate leadership, be it at a management or board level is generally concerned with the risk of governance, financial reporting and product & solution efficacy towards customers.
However, I see, customer data sanctity and security to be one of the biggest risks that corporations need to address immediately. It is my view that many of us are not ready to face this challenge.
I mentioned in my last article that today’s boardrooms are ageing, and often millennial-led technology disruptions are not well understood by old generation leaders. With accusations of Facebook trying to ‘weaponize data’, one of the world’s most admired tech-disrupted company and its iconic leader Mark Zuckerberg faces the biggest test of credibility and integrity.
I often wonder, how such an important aspect of customer data privacy was ignored by a company of FB’s stature that has activist investors like Peter Thiel on its board. Governments and regulators around the world have called the company for various clarifications, with our tough Singapore government session being admired globally.
Let me return to the larger issue. Are corporations across the globe ready to address customer data usage risk issues? Vast amounts of personal and corporate data are available to businesses and can be misused. When I use the term ‘misused’, I am not talking about data being stolen, hacked or breached by a third party; it is about how an organization uses, secures and respects an individual’s data through consent and transparent data trails.
Do we have standard guidelines or policies across the organization to ensure that for every external data that the organization receives, it ensures a transparent manner to tell the owner, furnishing information why and how it will be used? Facebook’s biggest oversight was to use data it had collected without the consent of the owner. Indeed, most organizations are not ready to even understand the concept of consent.
For example, to open a bank account, we need to furnish our date of birth or our permanent address or our spouse’s name. The bank cannot use or share this information for any other purpose other than the original purpose of opening the bank account. But in case the bank uses this data surreptitiously to design a product like insurance or share (sell) this data to a third party without informing you, it becomes a data usage integrity issue.
Any data that organizations receive from customers in the course of conducting its business cannot be used for any other purpose without consent. How many organizations or employees are even sensitive to such misuse of data?
Facebook’s data was misused by a third party to profile the emotional and political leanings of individuals. This analysis was then used to bombard information that was sympathetic to further the electioneering cause of candidates who hired its services. For senior leaders, it is important that sanctity of data, especially, customer data, and its transparent use with consent is integral to the standard operating procedure for any company.
In today’s digital world, online users leave behavior trails and data footprints unwittingly. Therefore, collecting or misusing such activity in a one-sided manner is unethical and avoidable. Organizations need to create a customer data usage policy and sensitize employees to adhere to it as mishandling data can mean insurmountable losses for the company.
Most organizations in the past decade or so have secured intellectual data. The next step is to use customer data, especially, personal information, in an ethical manner. While service sector businesses need to be more alert, industrial and manufacturing organizations too are prone to such breaches. At the end of the day, even B2B organizations handle large volumes of data, especially when they try to connect with customers and prospects in the social media or online platforms.
Corporations and boards need to rise to the challenge to ensure that customer data integrity is built into and part of the risk assessment program of the organization. Or else, many of them may go the Cambridge Analytica way, the harvesting partner of Facebook data, whose growth to oblivion seemed to match the speed of internet, once the controversy came to light.