By Benjamin Siegel.
Data privacy is a term known to most people. The common understanding that your personal information should only be used in ways that you are comfortable with, and that don’t expose you to risk from bad actors, is straightforward. However, it is not unusual for individuals operating in their professional lives to either forget or forego this idea. The fact that some organizations do things that we would see as unseemly or a downright violation of our privacy shows a disconnect between how we treat others and how we want to be treated.
Have some Empathy
Empathy, the ability to actively see yourself in the place of your consumers, is key to protecting data privacy when considering the use of their information by your organization. The so-called “Golden Rule” we all learned in elementary school is rather appropriate in this case. Think about examples of companies misusing customers’ personal information and you will often hear comments or read editorials about how this use of data is unfair, inappropriate, or creepy, especially when we get into the world of artificial intelligence. As privacy professionals, it becomes our responsibility to consider how others would feel about the use of their data.
What’s in your Fridge?
An example I often cite during classes I teach considers a hypothetical appliance manufacturer. This company makes a new refrigerator that uses internal sensors and cameras to monitor the contents and serves advertisements on an external screen. For some people this seems like a neat idea, letting you know when you need to buy more milk or juice and getting deals or sales displayed on your fridge.
However, think about what other things people keep in refrigerators. What happens if someone with medication in their fridge, such as a diabetic with insulin, gets ads for weight loss products? What about someone who keeps beer in their fridge and regularly gets advertisements for alcoholic recovery groups? Both of these could be considered highly offensive, and while they may not be illegal, they could result in blowback through negative press.
For the above example, the team at the appliance company would need to consider a much wider range of items that people other than themselves may keep in their fridge. This would help to identify processing activities or aspects of this project that might be considered inappropriate or privacy-invasive. When we find something objectionable, we should find a way to either fully prevent that negative impact or put mitigations in place to minimize it. With privacy, these negative impacts are often categorized as risks. It is sometimes difficult to avoid all risk, but we should always invest maximum up-front effort to identify potential risk and plan mitigations when the risk is unavoidable.
Overall, privacy is a preemptive practice. We try to anticipate what issues will arise, then work to prevent them. Actively keeping empathy in the mix will greatly assist in proactively warding off risk. The next time you are planning to use someone’s data, be it for a marketing email or to analyze trends, think about what risks are possible and how you would feel should your data be used that way. By taking this precaution and doing our best to prevent unnecessary, unreasonable, or inappropriate use of information, we succeed as privacy professionals.
About Benjamin Siegel
Benjamin Siegel, FIP, CIPM, CIPP/US/E, serves as a Senior Privacy Consultant at Privacy Ref, a leading consultancy dedicated to helping businesses develop and implement privacy policies, procedures, and technology to address regulations and employ best practices for handling customer data. Benjamin's expertise centers on operational privacy for organizations, implementation of Privacy Impact Assessments, Data Subject requests, developing privacy programs from the ground up, and providing research and advice on addressing the various, sometimes conflicting privacy requirements for marketing departments.
Benjamin also leads training and vendor partnership efforts at Privacy Ref, contributing to the analysis, learning, and implementation of various privacy tools to aid clients in their utilization.