With increased amounts of available data collection comes a variety of new ideas to use data to benefit customers and businesses. An often overlooked consideration is the need to be responsible with the gathered data.
The advancement of technology has increased the inadvertent likelihood of releasing Personal Identifiable Information (PII). PII, as defined in Wikipedia, is metadata that can identify, contact, or locate a single person, or identify an individual in context. Examples beyond a person’s name include email address, date of birth, passport number, vehicle registration plate, and driver’s license.
One kind of PII, an IP address, is not PII by itself, but can be considered as critical PII if it is linked to another piece of data. This impact from blending data means businesses must know not just the meta data collected, but how metadata is combined when used. Without care personal identifiable information can become the property of identity thieves, damaging a company’s reputation as well as lives.
Adding to the concern is public scrutiny of technology while its usage and capabilities are evolving agnostic of consequences. Technology can provide good or bad consequences, depending on its application. For example, pop up offers use Javascript code tailored to the cookie session, but links in a pop up offer can also lead to a nefarious site.
So what should a small business do in this challenging environment?
If you run a small business, a few tips about data can some basics a small business can take heed to some basic informations and be aware of how to act.
Audit Data Usage
Auditing data usage within the business reveals how information flows to critical activity -- which systems or employees are used regularly, and if so, what analysis is conducted. Employees and processes should be mapped against opportunities that can potentially lead to unintended exposure, such as unintended data access for employees leave the company and removal of outdated data. Ensure that people who no longer should have access to analytic reports are removed. Another useful effort is to audit data relationships where possible. Neo4j, an open source tools, is good example. You can read more about it in the DMN Tech post.
You can also audit how site elements are called each time your website is loaded. A web proxy or "Packet sniffers" such as Charles and Fiddler allow users to view how each site or app elements are loaded into the browser. These tools can also imply where hack attempts have potentially impact site or app performance, slowing down elements.
One bonus tip: Keep an analytic report filtered to the IP addresses of store locations and branch offices. Doing so can help highlight traffic from potential fraud sources.
Establish Data Guidelines and Removal Policy
Establishing guidelines for managing the storage and retrieval of information can encourage employees to level set to agreed procedures minimize shadow copies of information, which can lead to loss data, theft, and miscalculations.
For example, verifying active accounts on email lists can not only eliminate dead email addresses but also detect email addresses which should not receive data and reports. If you are incorporating web analytics tags with monthly email, coordinate a verification of opt-outs when analytic data is regularly reported. The timing of this verification serves as a reminder.
Share Data Policy with Clients and Partners
Your technology and processes keep data secure, but its your policy that establishes how data is used. Let your customers and clients know a policy is in place so that they understand what your business does to protect their information.
When information is requested, make sure there is an opt out procedure for site visitors. They typically seek statements that they are not locked into one vendor. You can also remind them of opt outs for online racking as a convenience. A low percentage of online users exercise the option, but do want the option. Firefox, Chrome, and IE browsers contain a tracking opt-out for users.
Monitor Tech Media Sources for Privacy Regulation News and Assess Its Impact to Your Guidelines
Finally small businesses can follow news from associations wrangling with the downstream impact of legislation as it is considered. Doing so keeps business leaders informed on what impact legislation can have on their operations. For example, the Digital Analytics Association a “Code of Ethics” for analytic practitioners to pledge. The Code of Ethics is a seven point outline of data stewardship meant to establish a working guideline for an organization’s data usage. The pledge was created in 2011 as a response to controversial legislation that contained a wide interpretation of acceptable tracking solutions and could significantly impact digital agencies and corporate marketing departments alike. The most active associations center around media, while the FTC has gradually raised its scrutiny of online activity.
Data security is not only important to data integrity but to business integrity as well. Developing the right processes that match your operation will not only see how to best improve your business but also show your customers your capability in being responsible with their information. Take heed to these tips, and you will save yourself operational headaches, costs, and your company integrity.