This week, news broke that China is developing facial recognition technology that could identify people even when they are wearing a mask.
Meanwhile, data privacy experts continue to warn us to that we need to be afraid for our privacy on the internet.
As well, news recently broke that the CIA has secretly been spying on encrypted business communications.
So with all these violations of data privacy going around, where does that leave you, as a startup leader?
Should you be concerned about user data privacy?
The regulatory case for data privacy
California and the EU have both passed laws controlling how companies can collect and manage data, with fines due if you break the rules. .
The ethical case for data privacy
Aside from regulatory reasons to care about data privacy, there are also ethical reasons to pay attention.
Algorithmic bias immediately comes to mind whenever the ethics of data & privacy come up. AI bias is notoriously pervasive and there’s no doubt that surveillance impacts communities differently, both domestically and abroad. When you think about the commodification of privacy and how that confounds the already difficult work of data professionals, you can imagine how there have been a few embarrassing failures.
Consumers, as well, have strong concerns about privacy too, even though for the most they don’t understand it. Speaking in broad strokes, consumers tend to favor more government regulation, as they are concerned that businesses aren’t doing a good enough job protecting it by themselves (or anyway, they tend to suck at explaining what it is exactly that they are doing).
Best practices for protecting data privacy
First, delete worthless data. Do not log everything. Only keep data so long as it’s valuable to hold on to it. Don’t let fear of deleting something useless allow you to pollute the environment with noise that nobody has time to pay attention to.
Second, make sure you limit who has access to data. More importantly, keep good audit logs. The fact is, security breaches happen. Given enough time, you will be hacked. Don’t skimp on data lineage. Don’t take shortcuts on data access governance either. These things matter and they’re worth slowing down for.
Third, invest in your organization’s data fluency and consider bringing in some data privacy experts to help you. If you want to protect the privacy of your customers, it makes sense to invest in your employees’ abilities to protect it. Too few organizations do.
Where to next?
Data privacy is a massive topic and there is a lot to discuss. In a week or two, we’ll circle back and discuss differential privacy, as well as some other techniques that can help you protect user data privacy. Stay tuned!