User Privacy – Is it really that hard ?
Having recently launched live music event discovery app Gigseekr , with user privacy a key consideration , DAM Good Media CEO David Hamilton provides his perspective on the need to respect customer data .
It seems that for the last few years , any mention of tech companies in the Press is closely followed by some form of privacy scandal or leakage of user data . With the likes of Google and Facebook , among many others , internet users have to accept private data is used in ways that we often aren ’ t made aware of to fill the pockets of global corporates .
For most of us this isn ’ t perceived to be a problem until it all goes wrong , at which point we set up new passwords for services in the hope that something more serious like our bank accounts or credit cards don ’ t get hacked – a process that would be much harder if our private data wasn ’ t harvested .
Gigseekr is a new event discovery service . In many ways it is no different from Facebook ; it is a service that operates around ‘ big data ’. The better we can understand the data , the better the service we can offer . There is one big difference . At its core Gigseekr has been built around the user requirements , not those of a commercial enterprise . There are core elements of Gigseekr that will always remain , including being free to use and having no adverts . The most important is not paying lip service to the privacy of our users . Why does any service need a user to create an account up front ? Marketing departments will want every email address possible , but all they end up with is dirty data and poor interaction metrics .
At Gigseekr , we don ’ t ask the user to create an account , they are straight into the app .
We ask one question – What region in the UK are you from ? We ask this because a user in Cornwall is unlikely to want to see details of events in Scotland . We create a pseudouser in the background , but we have no idea that Joe Bloggs from Cornwall is the ID ‘ d5bfs24fs ’.
An actual account can be useful for the user , especially as our features grow . This means there are many things that need to be thought about , and almost all of them are implemented differently to what is expected :
Passwords Do we really need a user to give us an email address and password ? If our service gets hacked then a user ’ s password could be at risk and therefore giving away access to all their other online services .
User Data Do we really need to know what gender or race someone is ?
“ Handling data in a privacy aware way is a different way of thinking .”
More often than not this data is pointless , each person is an individual and the stereotypical marketing buckets should be eradicated and replaced with analytics that have meaning and produce results .
Encryption This is a really important piece that is often only thought about for passwords . There is no need for any of the personal data about a user to be stored in plain text . This means that no member of staff working for a company can look at data they shouldn ’ t be able to , it also means that should a company get hacked then the hacker ’ s job is harder .
Storage The pseudo user account is the one that monitors the interactions of which acts are being followed or events have been attended . Any of the private and encrypted user data is not stored in the same place .
Handling data in a privacyaware way is a different way of thinking , daunting even , but it is liberating .
It is amazing how much weight of responsibility and liability is lifted .