Amid the continued proliferation of big data storage solutions, collection techniques and analysis tools, gathering and analyzing vast amounts of customer data is becoming increasingly important to many organizations’ bottom lines. Yet recently the business benefits of big data have been threatened by mounting public concerns about whether these companies and government organizations are keeping their data private.
Startups in particular are facing increased pressure to ensure data privacy and transparency, and show their customers that their data is safe. Companies that are new and little known face the biggest uphill battle in convincing customers that they can keep data private, knowing all along that one wrong move could result in an inability to regain consumer trust or a costly lawsuit. While most startups are well intentioned when it comes to ensuring big data privacy, they often don’t follow the necessary procedures for ensuring their customers’ information is kept private. Making matters even more complicated are the continuously evolving industry best practices for ensuring data privacy, leaving startups without a clear set of “how to” instructions.
Recently, Founders Workbench contributor Elaine Call had the privilege of speaking with a number of Boston-area startups at hack/reduce about what to keep in mind when putting together a data privacy strategy. Even though there might not be a definitive guidebook on startup data privacy that can ensure success, the four main considerations that were discussed at hack/reduce can greatly help ensure data privacy for startups in the Boston-area and beyond.
Privacy policies must be clear and updated
- The kinds of personal information collected and held;
- How such information is collected and held; and
- The purpose for which the startup collects, holds, uses and discloses personal information.
Startups must also outline access and correction procedures, compliant handling procedures, information about cross-border disclosure of personal information that might occur and any significant handling practices around information retention, destruction policies or obligations. Lastly, startups should only collect the personally identifiable information (PII) that is reasonably necessary for the purpose, or related directly to the startup’s functions or activities, and do so with the consent of the customer through lawful or fair means of collection.
Clean data is private data
At the earliest touch points possible, startups should clean their data through appropriate filtering, pruning, conforming, matching, joining and diagnosing to increase their data privacy. This thorough data cleansing reduces the amount of information transferred to the next cache and eliminates irrelevant or corrupted data.
A sound data privacy strategy alone will not help startups gain consumer trust; startups must also convey to their customers how their data is being kept safe. The best way of doing this is ensuring data transparency. Customers must be able to access, review and correct data. Your startup should also be easily reachable and include a contact address in your privacy notices.
Be wary of public cloud contracts and deployments
Public clouds like AWS have been very popular for startups in recent years, but startups in the big data business must be aware that standard security contractual clauses are insufficient for storing sensitive information in the cloud. These contracts must be well-defined obligations for both practices regarding integrity, confidentiality and availability. Before putting sensitive data in the public cloud, startups should consider revising these standard contracts.
Lastly, startups can use public clouds for big data prototyping, and benefit from the public cloud’s fast provisioning and scalability. However, when it comes to a deployment that involves gathering and analyzing vast amounts of sensitive data, organizations should consider private cloud as an option for security reasons.