4 Questions by SMBs When We Talk Data Privacy With Them
Data privacy regulations are nothing if not laudable. Customers, particularly in the consumer space, have little negotiating power to safeguard their privacy and require control over their data.
Recently, two significant pieces of legislation have shed light on, and purported to hand consumers the reins to, the data collected by the entities they deal with. These are the General Data Protection Regulation introduced by the European Union and bill ‘AB 375’ passed by the Californian Senate and Assembly. Very broadly, both strive to increase consumers’ control over the data that companies hold about them and that they generate. Both pieces of legislation operate on a triple tenet of transparency, choice and control.
For small and medium businesses, particularly those in the manufacturing industry, ‘private customer data’ is not going to be ‘voice data’, pictures or browsing histories. Rather, payment information, business intelligence and analytics data stored in databases may fall under the remit of ‘private data’. And that’s where software development comes in.
Nevertheless, whether you deal with individual consumers or not, as a best practice, it is highly advisable that you consider integrating data privacy controls into your custom software or web design.
We take a look at some responses of business owners when the issue of data privacy comes up in their software development and web design projects.
My customers don’t ask for this
That customers have not asked for an audit of their private data does not mean that they cannot do so. Particularly with initiatives such as the EU’s GDPR and California’s bill AB 375, if nothing else, there is greater awareness about the rights people have with regard to their private data. So, if they have not yet asked, your customers can certainly be expected to.
For a small business like mine…?
Cybercrime does not distinguish between large and small firms. Nor does legislation. Just as data breaches can hit small firms, maintaining a repository of private data brings a regulatory burden on them too. Here the line between software development and the human interface blurs. Employees must be trained in handling private data securely and the company should have processes in place to avoid mishandling of data.
Isn’t it going to be expensive?
When you are on the cusp of a new project, implementing new standards of data privacy is easier and additional costs are generally a small part of the overall project. Adding data controls to an existing system can be far more time-consuming, depending on how databases are configured, and what cybersecurity re-engineering will be required to facilitate users’ control over their data.
We don’t have ‘personally identifiable information’
Software development has seen a shift away from the distinction between software which deals in PII and software which does not. Instead, with the emphasis on empowering the ‘consumers’ in the PII chain, prudence has dictated that software should at the very least be equipped with some privacy controls. As such, it is much better suited to the evolving (and expanding) definition of PII.
There is a cruel irony in the introduction of data privacy initiatives that have gained steam the world over. Small businesses, which already show greater respect for their customers’ data due to the much closer relationship with them, are the first to be impacted by the new laws. These require additional software development which puts even greater pressure on their bottom lines.
Big businesses such as social media platforms, at whose activities these laws are actually aimed, meanwhile have the possibility of circumventing the new regulations due to their international presence. It makes one wonder, even, what useful effect a law passed in a state assembly can have.