Data privacy goes beyond protecting from data breaches. There are companies who regularly compromise their customer data as part of their business operations without ever telling the customer they’re doing so. These companies have that data legitimately, with permissions given to them by the user, but the company then goes on to sell the data to a third party or uses it to cultivate additional information, beyond what the end user ever imagined.
Think about your favorite mobile app. You probably didn’t read the fine print about what that mobile app may be doing to access your contact info or track your location before hitting the “I agree” button. Yet, that’s what a lot of apps are doing. Even if you did read the fine print, you probably agreed to the terms of service anyway because you really wanted the app and weren’t able to pick and choose your privacy settings. That’s the problem. It’s all or nothing when it comes to giving organizations permission to use your information in return for using their product or service.
Steal vs. sell
All organizations have put systems in place to protect corporate and customer data to protect it from potential theft. Every security executive and their teams have deployed strong security solutions and processes to protect their enterprise network from outside compromise. All with the goal of protecting the data.
But what if your company’s business model is based on reselling every piece of customer data that is taken in? And do you consider the security stance and policies of the organization that purchased the data you collected, or how that entity might exploit the data? Where is the ethical line between compromised data through theft or compromised data through third-party resale?
For example, for …