BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Data Privacy Abuse Continues Because We Struggle To Define The Problem

Forbes Business Development Council

Chief Strategy Officer at Zoho Corporation overseeing strategy, channels, and various marketing and operational efforts.

Data privacy and data security are not interchangeable terms, though the two are connected. Bad privacy practices, for example, can lead to security vulnerabilities, and vice versa. Take any number of recent breaches — Zoom, Twitter, Capital One, Nintendo — as examples of how some security flaw or employee or customer misstep can lead to the exposure of private data (home addresses, social security numbers, phone numbers, banking information, etc.). However, businesses cannot use the same tools to combat hacks and leaks as they do to stem data privacy violations.

Data security is well understood to the public, likely because security breaches follow a straightforward narrative. Anyone will tell you that hacks are dangerous and that businesses need to fortify themselves to stop them. You won't hear as often that embedded code on business websites used to track customers, visitors, and employees without their knowledge or consent is a serious problem, or even that the practice is a problem. According to a recent survey commissioned by Zoho and conducted by CRM Essentials, nearly 64% of U.S. and Canadian business leaders surveyed said they know tracking happens on their sites, but they don't inform visitors. W3Techs found that 44.9% of all websites use cookies. At Zoho, we anticipated that tracking would become an issue for data privacy. With this in mind, we removed all third-party trackers from our business applications with the hopes that others would follow suit.

It's difficult to quantify the cost of privacy abuse to an individual or a business. Harder still is identifying who is at fault. Are we all complicit in the crime? In other words, is the market just responding to our desire for convenience, or are certain companies acting in bad faith? These are difficult questions to answer. Perhaps for this reason, I continue to see confusion about data privacy and its distinction from cybersecurity. Understanding the main differences between the two, while also examining their connection to one another, will help companies take precautions to avoid data-privacy abuse and ultimately win out in the court of public perception.

What Is Data Privacy?

Data privacy is a subset of data security that is concerned with governing how user data is collected and disseminated online. Everything from which websites a person visits to what ads they click on to what they search for — and even how long their cursor hovers over a particular item while they're shopping online — is profitable information to marketers, retailers and technology vendors. They can use this data to deliver targeted ads, bolster AI datasets, inform marketing campaigns, bring in new customers, and more generally anticipate consumer behavior down to the click, the second and the person. This is not a new practice, nor is it a niche practice, and despite the huge potential for abuse, it's largely unregulated. Without consensus — an agreed-upon right to basic privacy online — there will continue to be abuse and distrust.

Who Gets Hurt?

At a high level, website cookies and embedded code that track user behavior could be considered a form of surveillance. There are microphones and cameras in smart appliances connected to the internet throughout our homes and offices, and many are always on. Having more and better data on potential customers is seen as a competitive advantage in today's business landscape. The value of all this data has caused the proliferation of tracking, leading more companies to gather more data on more unsuspecting people. I believe everybody gets hurt if companies violate a basic right to privacy to line their own pockets.

Adjunct Surveillance

The potential for tracking and surveillance goes beyond smart products found in our homes and offices. It is now commonly found in applications and on websites as a form of adjunct surveillance. Adjunct surveillance, as Zoho's chief evangelist calls it, is the practice of monitoring data and activity through third-parties, cookies and trackers embedded in the software or website. Take videoconferencing tools, communication tools and others. In my experience, many of these software solutions stamp on privacy contracts that divulge their collection of data but fail to explain what they plan to do with it. Businesses have been left questioning not only if their data is being sold, but also how it's being securely stored.

Is Anyone Trying To Stop Tracking?

Yes and no. There are regulations in place, like GDPR in Europe, that attempt to define what personal information can be lawfully collected, stored, and shared. Earlier this year, the California Consumer Privacy Act (CCPA) redefined the data rights of California consumers. And just recently, Proposition 24, the Consumer Privacy Rights Act, passed. It boosts some of the CCPA's regulations. Still, these regulations are primarily focused on consent, notification and transparency. For example, under GDPR, visitors of a website are now notified if that site wants to use cookies to track their behavior. In order to restore data privacy in earnest, I believe the data economy needs a rethink and businesses need to be de-incentivized from tracking users in general, not just tracking them surreptitiously.

What Can Businesses Do To Protect The Privacy Of Their Employees And Customers?

Businesses should first be transparent with employees about how the company and its software collect data. Additionally, security tools such as encrypted solutions, multifactor authentication for secure logins, and VPNs can protect against security and privacy threats, but until a business stops collecting private user data, there will always be something for hackers to steal. Businesses should make sure to use security software and have dedicated staff who monitor for suspicious activity to help predict attacks and vulnerabilities before they occur.

But if a business is truly serious about data privacy, they should consider removing third-party trackers from their websites. It may seem like a drastic step and one that might hurt sales in the short-term, but it's the only surefire way I know of that business leaders can protect the privacy not only of their employees, but also of their customers and potential customers. Ideas around consent and data privacy are changing, and businesses have an opportunity to differentiate themselves through proactive policy, like removing trackers, before regulation forces their hand.


Forbes Business Development Council is an invitation-only community for sales and biz dev executives. Do I qualify?


Follow me on Twitter or LinkedInCheck out my website