ITRC 2018 End-of-Year Data Breach Report
I continue to believe that most of the data gathering in the real world, and on the Internet, is done by businesses to help you find what you want, protect you, and improve your experience, rather than invade your privacy or scam you. We all just need your help in managing personal data correctly, and making sure you are part of the solution, rather than part of the problem.
That challenge is a major business opportunity, as well as a risk, for startups. I know companies who collect sensitive data from consumers all the time, and still seem to keep a squeaky clean image (Amazon.com, Ebay). There are others, like LifeLock, acquired in 2017 by Symantec for $2.3 billion, now providing identity theft services for nearly 5 million consumers in all 50 states.
But that is just the beginning of the opportunity to provide or take advantage of the new power and tools on the Internet. Here are a few specifics on how to be part of the solution, without the costs, rather than part of the problem:
- Put a personal face and address on your site; don’t hide behind an “info” email address.
- Make your company visible, reachable and responsive through social networks.
- Market your solution and user benefits, not the mysterious technology behind it.
- Use video and audio, rather than jargon, abbreviations, and computer lingo on your site.
- Make navigation simple and consistent, with abundant online help
The good news is that, if your company does it right, it might be another Amazon. There seems to be an insatiable demand from consumers for a better shopping experience, meaning they will pay a premium to a company that can present them a better match in products to their interests, without jeopardizing their good name.
In support of this, despite qualms, consumers seem very quick these days to provide more personal data to get something they want. Young people naively enter their pictures and personal data for fun on social networking sites, ignoring constant feedback from the media that these are bad practices.
I certainly agree that just like in the real world, consumers have to assume that there are always bad groups on the Internet, as well as down the street, trying to rip you off, so stay out of bad neighborhoods, and keep your wits about you at all times. Internet users need to start watching out for themselves, like looking both ways before you cross the street.
The bad news for startups is that your company can lose big if it’s caught in the middle. Late last year, Marriott International disclosed a data breach involving its guest reservation database that could affect as many as 500 million guests., and this black eye won’t soon go away. A few years earlier, Target account information was hacked, and some feel it hasn’t fully recovered since.
Sometimes the problem cause is that startups forget the technical standards and quality processes that every Internet rollout must follow to reduce the risk. Don’t take shortcuts on these. I see lots of new software put together on a shoestring as a “proof of concept” – but then gets rolled out to customers “asis” due to lack of time or money to “harden” the product.
What I learned from a panel discussion a few years ago, sponsored by an association of lawyers, is that lawyers don’t have any answers, and are all too quick to fan the flames of fear and paranoia. They merely highlighted consumer privacy rights, with much hand-wringing about big bad companies that are capturing shopping habits without consumer knowledge on the Internet.
A better approach might be to use your marketing power to tell people that you can now ring their smartphone in front of their favorite store for a special sale, and allow them to “opt in,” rather than surprising them with your new technology. Few people are paranoid about something they want and enjoy.