Does Your Business Conduct Undercover Reconnaissance on Your Customers?

watching you

Last year, there was a story in the news that an international airline would conduct Google searches on its passengers in an effort to create customized experiences for its repeat travelers.

The head of customer analysis of British Airways explained to the London Evening Standard newspaper, “We’re trying to recreate the feeling of recognition you get in a favorite restaurant, but in our case, it will be delivered by thousands of staff to millions of customers.”

This airline is only one business that recognizes the reality created by social media. Any information that exists in the public domain is fair game for anyone to see, snap up, and use. Anyone can be defined as a boss, grandmother, ex-wife or ex-husband, or even a former employer. This may seem inappropriate and offensive, and it might be, but it’s not illegal yet.

So it should come as no surprise that businesses are taking advantage of the public’s fascination of placing their day-to-day activities on social networking sites. The desired data includes check-ins at coffee houses, retail stores, supermarkets, restaurants, as well as family news, updates, vacation plans, and photos.

Therefore, corporate execs are correct. Why bother requesting customer data directly from customers? And why pay data brokers to obtain it when it’s ripe for the picking?

Social media marketers often talk about creating customized experiences for customers in order to create satisfied REPEAT customers, which makes their jobs easier. But there is definitely a line between asking for confidential data, such as, birthdate, anniversary date, place of birth, family member details, etc., versus egregiously taking the information.

While this information gathering may seem harmless, once all a customer’s data has been gathered, the reality is that it becomes fair game for identity thieves. Consider this scenario: What happens if a data breach happens at your company and all of the customer data is stolen? This data was not legally obtained, meaning that the customer did not give permission for you to obtain and store it. So if your network was hacked, would you inform the customer that his/her data was stolen? Unfortunately, state and national legislation has not yet caught up with technology.

So, for all businesses with the means to access customer data in roundabout ways, listen to this warning: don’t obtain more data than you can protect and defend. Once customer data is in your hands, it’s your responsibility to protect it – no matter how you got your hands on it.

David K. Williams and Mary Michelle Scott, the leaders of Fishbowl Inventory Software, wrote in a Harvard Business Review post, “Businesses should clearly obey legal requirements and respect individual privacy.”

And Sean Madden wrote in a post in Fast Company, “Regardless of who gathered it, customers still see it as their data. They expect to be treated like the owners.”

Remember, whatever decisions you make in data gathering, you don’t want any future lawsuits to close down your business.

___________________
Sources for this post:
How One Company Uses Customer Data to Drive Sales
http://blogs.hbr.org/2012/09/how-one-company-uses-customer

How Companies Like Amazon Use Big Data to Make You Love Them
http://www.fastcodesign.com/1669551/how-companies-like-amazon-use-big-data-to-make-you-love-them

Image Credit: debspoons via FreeDigitalPhotos.net.

IBMThis post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.

wordpress blog stats
Advertisements

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.
This entry was posted in Business Process, Data Security, Network Security, Online Privacy, Online Security, Privacy Rights, Social Media. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s