
Should You Mix Personal and Professional Data?

On the most recent episode of the Corporate Data Show, I sat down with Harrison Tang of Spokeo and got really personal. And then professional. And personal again. That’s right; we’re talking about B2C and B2B data.

Specifically, we’re talking about the ethics of combining personal and professional profiles when compiling data. This can be risky: when strictly professional data is breached, the people involved do not have their personal lives put on display or affected. If you’re storing the two together, however, there is an increased security risk that has to be considered so that no one in your datasets is negatively impacted.

Read on to learn more about the privacy paradox, ethical considerations in data compilation, and how often bears wake up during hibernation.

The privacy paradox 

One of the first things you need to understand before discussing the ethics of storing B2C and B2B data together is the privacy paradox.

The privacy paradox describes the way in which most people, when asked, will claim they value their privacy, but decline to further protect it when given the opportunity. This sounds foolish, but think about it: how many times have you downloaded an app that you knew next to nothing about, and agreed to its privacy policy without reading it? Heck, if you have a Facebook account, you can’t truly claim to be too serious about your privacy.

We do this for a couple of reasons. The first is that those privacy policies are long, and nobody likes reading long documents full of legal jargon. So, we just click through them and hope we didn’t just sign away our first-born child or something. The second is that, because of our extreme reliance on technology, it’s virtually impossible to avoid providing access to your personal data and still live what is now considered a “normal” life. So, even if you truly care about your privacy, you have to make sacrifices.

All this means that any and all data you’re collecting (assuming you work above board, which you should) was collected because the people it concerns agreed to have it collected somewhere along the way. They might not realize they did so, but they did nonetheless. So, once that’s happened, you can legally collect and store the data however you want.

But, we’re not done with this discussion yet. If there’s one thing we’ve learned in life, it’s that just because something is legal, it doesn’t mean it’s ethical.

So, is it ethical?

While people may be signing away rights to their personal info willy-nilly, we shouldn’t underestimate the importance of this data. Depending on what kind of data you’re collecting and storing, a breach could lead to any number of issues for those involved, ranging from inconvenient to downright dangerous. Take this simple example, for instance: you store email data and experience a breach. Now, everyone on your list is susceptible to phishing attempts, and if just one person clicks on the wrong link (which they will), you now have someone out there downloading viruses or giving up even more important info because your data wasn’t secure. And let’s not even get into what would happen if you’re storing even more sensitive details that could open up routes for identity theft. You get the picture: collecting and storing this data may be legal, but again, is it ethical?

We hate to hit you with a non-concrete answer, but it really just depends on who you ask. Some people would claim that the security risks are too great to permit the convenience and integration that storing B2B and B2C profiles provides. Others, such as Harrison Tang, believe it is ethical, because there are ways to minimize this risk.

Tang explains that identity is comprised of two main parts: knowledge and access. The first, knowledge, is the info itself: a person’s name, occupation, address, schedule, favorite color, etc. Pretty straightforward. Tang goes on to say that there’s nothing unethical about knowledge itself, which most people would agree with. The second, access, is where things get dicey. As long as people with good intentions who were legally permitted to see that data are the only ones seeing it, we’re all good. The trouble comes if or when it falls into the wrong hands. As such, effectively controlling who can access that knowledge is the key to ethical storage of data.

Enter access management.

What is access management?

As you might expect, access management is the practice of controlling who has access to certain info. But we, of course, need to throw some fancy marketing jargon in here somewhere. In an interview with CSO, Yassir Abousselham of Okta defined access management as an effort to “grant access to the right enterprise assets to the right users in the right context, from a user’s system onboarding to permission authorizations to the offboarding of that user as needed in a timely fashion.”

You’ve most likely got loads of experience with access management yourself, even if it’s at a rudimentary level. Any time you enter a password for an account of your own, you’re engaging in a humble form of access management. If you’ve ever been part of a company that has a database only employees can access, that was even closer to what we’re getting at with larger scale access management in data storage.

So, in layman's terms, access management is just making sure the right people see the right stuff, and the wrong people never see the wrong stuff. So, how do you do that?

How to best manage data

Well, you’re probably tired of hearing us say this, but managing data in the best way possible is really tricky. One of the main reasons for this, though, doesn’t even concern technology or security software. It concerns people’s brains, which are much harder to understand than computers, if you ask us.

Temporality and other big words

As Tang tells us, privacy preferences are temporal. No, not the sushi. (Sorry, terrible joke. Forget we said that.) Basically, that’s just a fancy way of saying they change over time. So, a person’s privacy preferences today will likely not align with their privacy preferences in a month, or six months, or a year, and so on. So, how do you build software that predicts that? Can you build software that predicts that?

The bad news

We’ll tell you what we told our podcast listeners: unfortunately, these questions don’t have easy answers. But, the most likely answer is: no. It’s pretty much impossible to build software that can predict the privacy preferences of every single person whose data it contains and adjust accordingly. So, that brings us back to basic access management and increased security measures.

The good news!

Luckily, there are loads of ways to improve your security measures, starting with you. Be sure you’re using different passwords for everything. In addition, use multi-factor authentication (MFA). Vet new employees and train them to use different passwords and MFA as well, and also instruct them on avoiding phishing attempts and sharing links with the proper permissions.

Once human error has been addressed, look into what security software you have in place. You should implement not just one, but at least two firewalls. This can usually be done by renting them through a firewall-as-a-service (FWaaS) provider, as they generally provide a backup. In addition to double firewalls, you should be encrypting data at multiple levels as well as automating the backup process. If you ever do experience a breach, you can immediately nuke the files the hackers have accessed (assuming you can still get to them), knowing you have your data backed up. In addition to these measures, you should employ advanced email filters and, of course, invest in good malware and virus protection.

Finally, never assume you’re safe because of your size or the type of data you store. It’s been shown that hackers tend to prey on unsuspecting victims for this exact reason. So, no matter what, follow the above steps and you should be in good shape.

Okay, so where does that leave us?

At the end of the day, most of us can agree with Tang’s belief that knowledge in and of itself is not unethical. However, we also most likely all agree with the point that it can become unethical if it’s being used in the wrong way, such as to hurt someone’s image or compromise their safety. So, managing access to all the data you’re storing as securely as possible is the best way to ensure ethical compilation of B2C and B2B data. Whether this is through encryption, multi-factor authentication, etc., it’s what you should be focusing on.

There are lots of tools out there that can allow you to do this, and as a data reseller, we use some ourselves. If you’ve got any questions about that, we’d be happy to chat. Just go on over to our contact page and write us a little love letter. (We’re serious. If it doesn’t start with “My dearest,” we’re not answering it.) In the meantime, be sure to check out our other blogs, the Corporate Data Show, and our LinkedIn for more hard-hitting tips on how to improve your workflow and make more sales.


 

 

The Corporate Data Show is a podcast dedicated to helping marketing and data professionals leverage data to generate revenue for their company. To listen to all of our episodes, visit the Every Market Media podcast page or your favorite podcast player.