Initial Feedback on Data Privacy
I’ve heard from several people on the data privacy questions from yesterday (more here if you missed it) and it seems like this is going to take some work to define and get through. The feedback has been nervous, but of one of two camps:
A. get your company to formally change and publish your new data use expectations and approaches, and
B. move forward with some initial projects, likely internal only to protect information, and then show how information can be used. Use those successes to show what types of changes are needed.
I certainly understand both approaches, but I have to say that the "ask permission later" option can really bite you. Be careful of this approach, you can step all over compliance and PCI requirements for your systems. You can also really tick off your users and customer base if they find out you’re going around behind the scenes.
I think too that the process of defining an update to your data use policy will force you to establish the boundaries on what is ok, what’s not. This is critical and not something to take lightly. Think about not only how you will use your information, but others that use your information – what will they do with it once they have it?
It’s worth the time to think through and get buy-in.
I will also say that this is one that probably could use your attention sooner, rather than later. The more data you collect, but don’t define how you’ll use it, the more you’re at risk for surprising (in a bad way) your user and customer base.
Would it be helpful to put together some general outline(s) of data use policies that we could get community input against?
Have you implemented changes? I’d be interested in hearing more and hearing about any gotchas you ran up against along the way.
What do you think? Let me know…