That’s a direct quote from Scott McNealy, former CEO of Sun Microsystems, from several years ago. If it wasn’t true then it sure is now.
However, despite the evident truth of that statement, that does not mean your customers or your investors believe it. And even if they do that doesn’t mean you can ignore these issues.
Unfortunately I find that many entrepreneurs do just that. They assume they can collect user data and do with it as they wish, users will just click on “Agree” in the EULA and continue on their merry way to their app or SaaS or whatever.
Wrong! You need to be aware of your customers’ and other’s anxieties and rightful concerns about both the privacy of their data and the security of your systems.
Identity theft is real, pervasive, and a real hassle for its victims. So while you certainly don’t want to highlight this issue in your presentations, you need to make sure your engineers are fully aware of both and are making their best efforts to protect your customers and their data. And these security measures should be fully documented and auditable.
So at minimum you need in customer-facing situations – all in plain English, not legalese!:
- Written privacy and security agreements
- Transparency and clarity about how you will use customer data
- Enable your customers to opt out of data collection
- Make clear your use of anonymized, aggregated data vs. personally identifiable data
Security and privacy need to be built-in to your technology, it’s not something you can add on later once problems rear their ugly head.
So yes, customer data is valuable to you and to your partners. But it’s most valuable to the customers! So protect it, and just as importantly treat it with respect.
And finally understand the difference between the two. Security is protecting any data you collect or possess from unwanted access. Privacy is protecting an individual’s data you possess or collect. So these issues are related, but different. Security is a technical issue, privacy is a policy issue. Cover them both!