The five core elements of data privacy

TechPolis’ research on personal data privacy, done in partnership with Castlebridge for video technology company Verimatrix, has revealed five core elements of data privacy policies. Combined, these elements form the backbone for privacy policies that empower subscribers of digital services to manage their personal data, making them explicit partners in big data analytics—which will ultimately benefit both customers and companies. So how can companies ensure they’re maximizing access to big data for the good of all?

Transparency

Companies must make sure they are communicating clearly and consistently how data will be used, and do so in an intelligible, easily understood manner. Currently, most companies rely on Terms and Conditions to communicate policies, which is heavy in ‘legalese’ and often brushed over by users. Companies would be smart to take the most relevant points from this legal document and integrate them into the user interface as data privacy reminders, so there are no surprises to subscribers about what the company has access to. It’s also key to stick to your word: the U.S. Federal Trade Commission (FTC) has sued companies that renege on their stated commitments to personal data privacy.

Value to Customer

Subscribers should be able to not only understand clearly how digital service providers are accessing and using their data, but why, and how this brings value to them. Integrating subscriber data into business operations helps improve the quality of services and functionality, as well as target relevant content subscribers want to see. It can even result in increased production of such content, indirectly giving the subscriber more control over what they consume online. Those benefits would not be available the same way if the company didn’t have access to user’s personal data. That case must be made in clear communications to subscribers if companies want their permission.

Control

Once subscribers understand how and why their data is being used, they must have control over the extent to which it is being captured and how it might be used internally or shared with third parties. Subscribers should be able to easily opt out of having specific data points shared with third parties and choose for what additional purposes companies might use their data.

Responsibility/Governance

Services providers must design appropriate mechanisms to ensure responsibility for the handling of personal data, including training of internal and external staff on privacy best practices, contractual controls of any third parties working on your behalf, appropriate technical and organizational controls, and ensuring appropriate internal and external audit practices.

Balance Risk

Data privacy is a quality differentiator. It requires companies to consider risks from both the perspective of the affected individuals and of the organization. For example, if a particular data analytics practice brings high risks for subscribers and little benefit for the company, it should be scrapped. Continuously evaluating and incorporating the perspective of users is essential to build that privacy differentiator customers are increasingly looking for.

Daragh O’Brien, Managing Director of Castlebridge and I developed a white paper focused on those five elements, which you can check out here. What are your thoughts on those core elements of data privacy? Please share with us.