Customers are taking the time to read privacy policies in full.
Transparency adds value, but in the present data 'climate' of global data laws such as the GDPR and Australia's NDB laws, it can also strip economic value. Legal non-compliance, or an unwillingness to be transparent about data breach incidents, can result in reputational and economic losses.
App-lying the same rules
From the 3rd of October 2018, Apple will require all new apps, including updates to current apps, to include a link to the developers' privacy policies.
This widens a rule that previously applied only to subscription-based apps, so that it now applies to all apps. While this is a positive change towards accountability for developers and the companies they work for, incumbent apps do not need to include the link from the commencement date. The link only becomes a requirement with their first update to the app from the commencement date.
The Need to Know
As the linchpin of data security compliance, privacy policies have to be clearly worded and formatted. These policies must be freely available, and outline:
- What information is collected
- The ways in which it is collected
- Obligations as a Data Controller and/or Processor (GDPR)
- The use of the information, particularly sensitive information
- Relationship with, or distribution to any Third Parties
- Disclosure and Security measures relating to the information (these can vary between your publicly available policy and one made specifically for End Users)
- The End Users' entitlements to access their information
- The measures an organisation takes to maintain the quality of the information
- Contact details for any enquiries
Variants of the phrase "data is the new oil" are appearing more frequently, as an attempt to quantify data. In IBM's "Cost of a Data Breach" 2018 Report, the value of an individual record lost (as part of a data breach) is US$139. The differences between oil and data are slight in some areas and vast in others:
|Oil|Data|
|---|---|
|Finite resource|Infinite resource|
|Has globally accepted value|Does not have globally accepted value|
|Easier to monetise, apportion|Value is subjective|
|Palpable, quantifiable|Border-less, form-less|
|Can be sold and re-sold for a profit|Can be sold and re-sold for a profit|
|Not a literal currency|Is a key component of cryptocurrency|
|Price can fluctuate in instances of conflict|Considered a spoil of cyber-crime|
|Supply dependent on ability to source and process|Supply dependent on ability to generate, process and secure|
Whether data is viewed as a resource, a currency or both, that view will only perpetuate its subjective value. And this is without discussing the cost and profits of cyber-crime, the dark web and ransomware-as-a-service.
Monetising data effectively while remaining transparent requires an investment of time and money. While the value of the data generated and processed by businesses is not universally agreed upon, the risk of non-compliance or of not being transparent will prove more costly.