Credit card information. Bank account numbers. Personal information, including ages, phone numbers and shopping habits. These are all pieces of data that businesses collect from customers every day. How they handle this information, and how they protect customer privacy, are serious issues for entrepreneurs.
The debate surrounding privacy resurfaced most recently with CISPA (the Cyber Intelligence Sharing and Protection Act), a proposed law that calls for the sharing of certain online information between tech companies and the U.S. government. Fearing that CISPA ignores a consumer's right to privacy, privacy advocates and technology leaders including Reddit co-founder Alexis Ohanian, launched campaigns against the bill. While it passed a House of Representatives vote, it has been effectively shut down in the Senate, where policy makers cited insufficient privacy protections.
We spoke recently with Jules Polonetsky, director of the Future of Privacy Forum, a Washington D.C.-based think tank that aims to advance responsible data-use practices, on what business owners need to know about customer privacy and managing sensitive information.
What follows is an edited version of our exchange:
Entrepreneur: What's the most important issue to consider when it comes to customer privacy?
Polonetsky:Transparency. Most consumers will be OK with how their data is used if they feel that it is being used for their benefit. When consumers think that their information is being used against them, they push back.
Entrepreneur: How can business owners be more transparent?
Entrepreneur: Are CISPA and other bills like it a positive move for privacy and business? Or a necessary evil?
Polonetsky: CISPA seems dead for now, because it didn't adequately address privacy concerns. But it is increasingly critical for businesses, policymakers and consumer groups to figure out how to get the privacy-versus-security balance right. We need both.
Entrepreneur: What's the most overlooked issue when it comes to business and customer privacy?
Polonetsky: Passwords present the biggest practical challenge today. Consumers can't possibly manage hundreds of different passwords of different types. They end up using poor passwords on sites that don't seem high risk. Also, businesses that don't think their systems are high risk -- say, signing up for a free newsletter with an account -- may not force the use of a complicated password. But the hackers target those systems, because the same password will be the key to the consumer's email account. Then it's one step to reset their bank password.
Entrepreneur: What's an example of a privacy solution the Future of Privacy Forum has worked on?
Polonetsky: Social log-in. Instead of taking time to register and fill in all kinds of data fields, consumers can log-in with Facebook, Twitter and other services. But a number of consumers pass this up because they are concerned that the business will then post to their social network without permission or spam them. The social networks have rules against this, but often consumers and businesses are unaware of those rules.
We partnered with Gigya, [a company that provides social log-in tools to businesses], to create a SocialPrivacy seal. Companies display it to commit to consumers that when you log-in with Facebook or Twitter, they won't use your data without permission. Our research shows that this assurance has helped increase social log-in use, a win for businesses and consumers.
Entrepreneur: How do you see the issues concerning privacy and business evolving?