Tonight I had to stop in to buy a bottle of wine from our local superstore and was made a very attractive offer on a product if I signed up to the retailer's club.
Normally I refuse all loyalty schemes; I read 1984 when I was a teenager and I loathe being tracked by anyone, but the offer did seem rather good so I agreed.
So the assistant drags me away from the cash register (if that seems like a dumb idea, that's because it is) and starts asking me all these detailed questions: full name, date of birth, address, email, phone number and so on.
I didn't get to the bottom of the screen before I ended up saying sorry, I don't want your card, you don't need all this data, just sell me the product.
I refused to give them all that data for a loyalty scheme, but the system had been designed so that it refused to process anything without the full record.
My comment to the worker was that one day you will get hacked and when you do the hackers could easily carry out identity fraud with the data you are collecting.
Increasingly that is my response to people who collect more data than they need to do the job.
It really pisses me off.
In fact all they needed was an email address or a mobile phone number. Either would have been perfectly good for marketing to me and providing a discount at the checkout, and I would have been happy to join.
But instead some marketing muppet designed a system that took the assistant 2-3 minutes to sign someone up in a busy store and required significantly more data than they needed to market to me.
To add insult to injury the PC based system was sitting in full customer view and accessible at the front desk.
In my mind the question is not will they get hacked, the question is when?
They are a privacy breach waiting to happen.
Numerous times in the last few months I have had the occasion to think about and discuss data security and privacy.
The first was in the Telstra ICT Industry Advisory board meeting where it was discussed at length.
The GM of Operations for Telstra said he only worries about 3 things. Security, Security and Security.
Nothing else matters to him; however, most startups don't really think about data collection and security in the same regard.
Interestingly, Telstra is using Blockchain algorithms to ensure the configurations on their telco/data switches and routers are not compromised, which is a really cool application.
The operating system code for the network device is signed using a Blockchain-modified code base and is verifiable as the original code; any change to the system no longer matches the blockchain, which triggers an alert so action can be taken immediately.
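To make the verification idea concrete, here is an added illustration (my own, not Telstra's implementation): a hash-chained ledger of configuration snapshots for a hypothetical router, where each entry commits to the previous one, so an edited record can't be hidden without breaking every later link.

```python
import hashlib
import json
from typing import Dict, List

# Constructed illustration: each snapshot's hash covers the previous hash,
# so the ledger behaves like a minimal append-only chain.
GENESIS_HASH = "0" * 64

def canonical(config: Dict) -> str:
    # Stable serialisation so an identical config always hashes identically.
    return json.dumps(config, sort_keys=True, separators=(",", ":"))

def entry_hash(prev_hash: str, device: str, config: Dict) -> str:
    payload = f"{prev_hash}|{device}|{canonical(config)}"
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append_snapshot(ledger: List[Dict], device: str, config: Dict) -> Dict:
    prev = ledger[-1]["hash"] if ledger else GENESIS_HASH
    entry = {"device": device, "config": config, "prev": prev,
             "hash": entry_hash(prev, device, config)}
    ledger.append(entry)
    return entry

def verify_ledger(ledger: List[Dict]) -> List[int]:
    # Indexes of entries whose own hash, or link to the previous entry, fails.
    bad, expected_prev = [], GENESIS_HASH
    for i, e in enumerate(ledger):
        recomputed = entry_hash(e["prev"], e["device"], e["config"])
        if e["prev"] != expected_prev or e["hash"] != recomputed:
            bad.append(i)
        expected_prev = recomputed   # later links must chain to the true hash
    return bad

def sample_ledger() -> List[Dict]:
    # Hypothetical device name and settings, constructed for the example.
    ledger: List[Dict] = []
    append_snapshot(ledger, "edge-rtr-01", {"snmp": "v3", "acl": ["permit 10.0.0.0/8"]})
    append_snapshot(ledger, "edge-rtr-01", {"snmp": "v3", "acl": ["permit 10.0.0.0/8"], "ntp": "10.0.0.5"})
    return ledger

def tampered_ledger_check(rehash: bool) -> List[int]:
    # Downgrade a stored record; optionally recompute its hash to hide the edit.
    ledger = sample_ledger()
    ledger[0]["config"]["snmp"] = "v2c"
    if rehash:
        ledger[0]["hash"] = entry_hash(ledger[0]["prev"], "edge-rtr-01", ledger[0]["config"])
    return verify_ledger(ledger)   # -> [0, 1] without rehash, [1] with it
```

Comparing a device's live configuration against its latest entry is the alert trigger the post describes; the chain check is what makes the stored history itself trustworthy.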
A conversation had by chance with Phil Morle at Pollenizer about who has control of your health records also started me thinking that Blockchain verified databases have a big future for tracking copies of data.
For example, if you go to a doctor who orders an X-ray or blood test, what happens to that data? Who has a copy, where is it stored, and when is it destroyed? None of this is currently known or verifiable.
It started me thinking about a set of principles by which Startups could create a culture around good data collection, security, privacy and loss prevention and mitigation.
So it got me thinking and I have come up with a few guidelines for collecting data.
- We should assume everyone is going to get hacked at some point.
- Do you absolutely need to collect all those data items to provide the service? Anything which is not absolutely essential to providing your service should not be collected (this is enshrined in Australian privacy law, but I'm not sure anyone other than health providers and financial services providers pays any attention to it).
- Don't collect or retain credit card or financial information; there is absolutely no reason to. PayPal or other gateways can store that data on your behalf and give you a proxy or nonce for tracking payments which is not identifiable. I can't think of any reason a startup would want to retain financial information.
- Don't collect date of birth, social security or tax file numbers, or address unless you absolutely can't deliver your service without the data or there is a Government requirement to do so.
- Start by collecting first name and email address only, and vigorously resist any attempt to widen the amount of data you collect; only do so in the face of evidence that it is required to run the business.
- Beware of collecting health-related or other personal private data; most countries have requirements for special provider registration and compliance if you collect this type of data, so avoid it like the plague.
- Don't ask your users to fill out any more fields than they have to; it's a pain in the ass, most people hate it, and I'm sure the dropout rate is significant for forms with unreasonable data requests.
- Each country has different laws on data collection and retention; you should know them.
- Encrypt all data, disks, connections.
Basically the rule here is avoid collecting data.
You just don't need the risk; collect only the 1-2 pieces of data you absolutely need and reject the rest, so that when you are hacked (and you will be) they will only get a small amount of non-essential data.
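One way to bake the "first name and email only" rule into a signup endpoint, as an added example of my own rather than anything from the post: the validator allowlists the two fields, refuses the ones the guidelines say never to hold, and fails loudly on anything unexpected instead of silently storing it.

```python
import re
from typing import Dict, List, Tuple

# Constructed example: a loyalty-club signup that accepts only the two fields
# the guidelines argue for and refuses everything else outright, so extra
# fields bolted onto a form later get caught instead of quietly stored.
ALLOWED_FIELDS = {"first_name", "email"}

# Fields a marketing scheme has no business holding (from the guidelines above).
FORBIDDEN_FIELDS = {"date_of_birth", "address", "phone", "tax_file_number",
                    "social_security_number", "card_number", "card_cvv"}

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Crude detector for a card-number-looking value smuggled into a text field.
CARD_LIKE_RE = re.compile(r"(?:\d[ -]?){13,19}")

def validate_signup(payload: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    # Returns (record_to_store, errors); the record is empty if anything failed.
    errors: List[str] = []
    for field in payload:
        if field in FORBIDDEN_FIELDS:
            errors.append(f"refused: {field} is not needed for this service")
        elif field not in ALLOWED_FIELDS:
            errors.append(f"unknown field: {field}")
    for field in sorted(ALLOWED_FIELDS - set(payload)):
        errors.append(f"missing: {field}")
    if errors:
        return {}, errors
    first = payload["first_name"].strip()
    email = payload["email"].strip().lower()
    if not first or len(first) > 64 or CARD_LIKE_RE.search(first):
        errors.append("invalid first_name")
    if not EMAIL_RE.match(email):
        errors.append("invalid email")
    if errors:
        return {}, errors
    return {"first_name": first, "email": email}, []
```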