What business owners need to know about data ownership and security
The right data has become one of the most important business assets of our times and the sheer explosion in the amount and types of data has the power to completely change the way we do business. But there are still significant ownership and security dilemmas that business owners need to be aware of before they embark on any journey to collect and leverage data.
Getting data ownership and security wrong can have dire consequences. The EU will soon be able to fine companies 5% of global turnover for getting it wrong but even despite the fines the reputational damage can be immense. Thanks to social media, scandals and breaches can travel around the world in the blink of an eye, and reputations that took years to build up can be damaged in just a few seconds.
Here are some key things business owners should consider around data ownership, security and transparency.
Think about ownership
If you consider data as a key business asset, i.e. if the business relies on certain data in order to perform everyday functions, then it’s really important that you own that particular data.
This is easy if it’s your own internal data, as it’s already yours, but it gets trickier with any external data. For example, if you’re reliant on another party’s data in order to perform key business functions, and the supplier ups their prices or denies access for any reason, you’re scuppered.
If you can’t own the data you’re using, then you need to make sure that at least you aren’t going to lose access to the data.
Also, if you are relying on data that customers have provided to you, then you need to be aware that new laws give any citizen of the European Union ‘the right to be forgotten’ which means that they can request that you erase any records you hold about them.
This can pose significant risks to companies who have built their business model around customer data.
Secure your data
Data needs to be secured just like any of your other business assets, including your property, your merchandise and hardware. Depending on the sort of data you’re storing, there may well be security and privacy regulations to follow, particularly when it comes to personal data.
Wherever possible, try to use anonymised data so that it doesn’t identify individuals’ details. Where this isn’t possible, you need to ensure that data is kept safe and secure.
Aside from legal requirements, there are reputational and moral reasons to ensure your customers’ data is kept safe.
Data breaches can lead to huge losses for businesses and there have been some very high profile breaches in recent years, such as American retailer Target and British telecommunications company TalkTalk.
Incidents like these – and the many other large-scale data thefts which frequently take place – show that even the biggest companies take a financial hit when they fail to keep their promises about protecting data.
It’s therefore essential to protect your data against breaches. Sensible measures include training your staff so they never give away secure information, encrypting data, and having systems in place that detect and stop breaches while they are happening. Data security is a highly technical area and it’s always a good idea to seek expert help.
As an aside, people used to worry about the security of data stored in the cloud but, these days, it’s often safer than companies storing their own data in-house. Cloud security systems are usually much more up-to-date and the fact that the data is stored in more than one place provides an extra safety net. Personally, I’d recommend cloud storage as a safe and secure option for businesses.
Sadly a lot of data collection practices aren’t very ethical. Facebook, for example, buries a lot of what it’s doing with data in a 50-page user agreement that nobody reads. I think it’s vital that businesses explain to their customers what data they’re collecting and how they intend to use it. Nobody likes finding out they’ve been duped!
If you collect personal information on your customers or employees, be upfront about it. Explain why you’re collecting that information (for example, so that you can understand their needs more fully and provide a better service as a result).
Don’t bury data details in lengthy user agreements or terms and conditions that no one will read. Keep it short and easy-to-understand, and put the information in an obvious place – a few sentences when customers register their details to shop online would be a good example.
Finally, always give customers the opportunity to opt out. Even if this means they can no longer use your service, or parts of your service, it’s far better to give them the choice. Ultimately this makes the data more valuable to you in the long term – it’s no good using data to understand more about your customers if they then leave in droves because they feel you’ve invaded their privacy.
Add value for your customers
When you’re collecting data on people, it’s not just important to be honest about it, it’s a good idea to add value for them – something that makes it worth their while.
Make it beneficial for people to share their information with your business, perhaps through better or cheaper products or services, so they feel it’s a fair and worthwhile exchange. Aim for a win-win for all parties.
If you provide value most people will be happy for you to use their data – especially if you’re able to remove personal markers that link them as an individual to the information. In general, if you can demonstrate that you’re using the data ethically, people will respond positively.
Business owners shouldn’t be put off from using data – the potential rewards and opportunities for business growth are huge. But it is vital to act ethically and securely to lock down your data. This is a topic I explore in more detail in my new book Big Data for Small Business For Dummies (external link).