Real opportunity exists to create differentiation and set new “community standards in honoring the spirit of personal privacy and property rights while enhancing and protecting the value of a brand and enterprise. Some policy questions to be considered:
- Do customers understand how our company uses the data gathered from their interactions and transactions?
- If customers knew the full extent of its use, would they agree to it?
- Does our enterprise have the capability to remove customer data if requested or required?
- Has our enterprise assessed the potential consequences of pending data usage regulations, legislation and lawsuits? Are the potential franchise or reputation risks mitigated? Does the board of directors agree with our assessment?
- Are controls in place that increase the likelihood that data collection platforms are used appropriately? Are metrics gathered and shared with our executives and board of directors that confirm that we are not impairing our brand or franchise? Is our enterprise empowered to enforce appropriate usage?
- Does our organization use external data, and do we have the actual usage rights? Are we infringing on personal property rights in any direct or indirect way?
- Do we monitor our site to prevent outside companies from tracking customers without our knowledge?
- What exposure do we have to inaccurate data regarding individual subscribers?
Operations and Compliance
- If customers chose to opt out, or if we are required to offer this option, how will it impact our franchise? Do we have the capability to remove their information from our databases?
- If we were forced to compensate customers for the data we gather or have gathered from them, how would this impact our business model?
- Does our compliance function appropriately address data rights, or is it narrowly focused on data security and data privacy, such as personally identifiable information (PII)? When can data be subpoenaed if stored in country X while reflecting actions in country Y?
- Does our organization monitor for direct and indirect misuse of our data and data platform?
- For each country the company operates in, do I understand and follow the societal norms of property and privacy rights? Do we understand and are we responsible for where data end up being used?
Source: Gold Rush by Thomas Galizia, Trevor Gee, Ken Landis | Deloitte Review