September 4, 2018

The Value of a Privacy Policy

Customers are taking the time to read privacy policies in full.

A freely available privacy policy is now integral to the trust that I.T. Service Providers need in order to establish a successful commercial relationship.

Transparency adds value, but in the present data 'climate', with global data laws such as the GDPR and Australia's NDB laws, it can also strip economic value. Legal non-compliance, or an unwillingness to be transparent about any data breach incidents, can result in reputational and economic losses.


App-lying the same rules

From the 3rd of October 2018, Apple will require all new apps, including updates to current apps, to include a link to the developers' privacy policies.

This widens a rule which previously applied only to subscription-based apps, so that it now applies to all apps. While this is a positive change towards accountability for developers and the companies they work for, the link does not need to be included from the commencement date for incumbent apps. It only becomes a requirement to include the link with their first update to their app from the commencement date.


The Need to Know

As the linchpin of data security compliance, privacy policies have to be clearly worded and formatted. These policies must be freely available, and outline:

  • What information is collected
  • The ways in which it is collected
  • Obligations as a Data Controller and/or Processor (GDPR)
  • The use of the information, particularly sensitive information
  • Relationship with, or distribution to, any Third Parties
  • Disclosure and Security measures relating to the information (these can vary between your publicly available policy, and one made specifically for End Users)
  • The End Users' entitlements to access their information
  • The measures an organisation takes to maintain the quality of the information
  • Contact details for any enquiries

The research required will vary depending on the industry and the size of the business and its clientele. At this point, a privacy policy becomes the starting point for quantifying the monetary value of the data (of the employees and clients) that businesses collect and store. This data is the starting point through which a business like a Managed Service Provider can monetise and profit by providing a specific service.


Monetising Data

Variants of the phrase "data is the new oil" are appearing more frequently, as an attempt to quantify data. In IBM's "Cost of a Data Breach" 2018 Report, the value of an individual record lost (as part of a data breach) is US$139. The differences between oil and data are slight in some areas and vast in others:

Oil | Data
Finite resource | Infinite resource
Has globally accepted value | Does not have globally accepted value
Easier to monetise, apportion | Value is subjective
Palpable, quantifiable | Border-less, form-less
Can be sold and re-sold for a profit | Can be sold and re-sold for a profit
Not a literal currency | Is a key component of cryptocurrency
Price can fluctuate in instances of conflict | Considered a spoil of cyber-crime
Supply dependent on ability to source and process | Supply dependent on ability to generate, process and secure

Data is not necessarily the "new oil". It simply cannot be quantified in the same way as oil, which has enjoyed centuries of success. In 2018, the power of data is dependent on technology and electricity, e.g. gathering, utilising and storing data online, in the cloud.

Whether data is viewed as a resource, currency or both will only perpetuate its subjective value. This goes without discussing the cost and profits of cyber-crime, the dark web and ransomware-as-a-service.

Monetising data effectively while remaining transparent requires an investment of time and money. While the value of the data generated and processed by businesses is not universally agreed upon, the risk of non-compliance or not being transparent will prove more costly.




  • Forbes
  • IBM
  • The Verge