Understanding the complexities of customer data collection is vital for businesses today. Most businesses keep some kind of data on their customers—but knowing how to store it and how to communicate to customers about their data ensures your company remains secure and compliant.
We recently sat down with two Microsoft privacy experts to get their input on how companies should approach data collection. Here to answer our questions and offer up some best practices on this topic are Marisa Rogers, Global Sales and Marketing Privacy Manager, and Kristi Berry, Senior Privacy Manager.
MSFT4Work: How should businesses notify customers as to what they’re collecting, why they’re collecting it, and how they plan to use it?
Rogers: “The first thing is to make sure that it’s clear to the user why the data is being collected and what are all the possible uses of the data. At Microsoft, one way we do that is through our privacy statements. If there are additional uses of the data, then we evaluate whether to add some explicit text into the UI so the user’s made aware of that. For example, if we’re hosting a co-sponsored event or an event with a Partner, we may want to share the data collection for registration with co-sponsors, or with at least a Partner for that particular event. We would put clear notification into the registration that the data may be shared upon collection.”
MSFT4Work: Should businesses collect data for the sake of collecting it, or should they put more context around why they’re collecting certain information?
Berry: “We have this concept of data minimization, which basically means: collect only the data that you really need to fulfill the service or the situation and that there’s a valid business purpose. You definitely don’t want to collect data just because you can.”
MSFT4Work: Customers are expecting businesses to anticipate their needs, but don’t want to give up too much private information. How can businesses strike a balance between personalizing a user’s information through data collection without overstepping that line?
Rogers: “From a business perspective, again it goes back to thinking through what is the data that you need to deliver the personalized service, and to really be sure that you’re using each piece of information that’s then being gathered to deliver that experience. If it’s not apparent as a user navigates the site that data is being used to create personalization, you start to really wonder, ‘What is it that I’m getting out of this service and why did I provide all of this extra data when I’m not getting the experience that I expected.'”
MSFT4Work: Are there any online privacy trends or issues that might not be obvious to everyone else right now, but that you’re seeing just working in this space?
Berry: “Something that I know that regulators are paying attention to and the industry is paying attention to is this concept of big data. End users might not think about it, and even the casual employee might not think about it on the big scale. While in the past, if you had some very simple, what we might consider ‘anonymous-type of information’ about somebody, it didn’t seem like that big of a deal. But, as we can aggregate data in these bigger data collections, that quickly becomes much more sensitive data. We need to consider data classifications, how we’re handling data, and what we’re doing with it a little bit differently than we have in the past.”
For more information on Microsoft’s privacy policies and best practices for your business, visit our Trustworthy Computing site