In recent weeks, privacy and data have been at the forefront of the news. The first instance involved a wave of headlines about how social media platforms managed (or sometimes mismanaged) users’ data. More recently, your inbox has likely been flooded by technology companies updating user agreements to ensure they conform with the EU’s new General Data Protection Regulation (GDPR).
Since arriving at ReCollect in 2014, I’ve seen a dramatic shift in the conversation around data and privacy among our customers and users. It was sometimes a struggle to get organizations to understand why privacy and data security matter so much – even to a solid waste department – and why security and privacy are core to our company’s culture. And getting it right often went unnoticed. In those early days, customers loved our products’ convenience, ease of use, and ability to help them educate and communicate with their residents. Today, they still love these benefits, but thankfully they also value our regular security audits, our privacy rules, our security culture, and how some employees contribute to organizations like the Electronic Frontier Foundation.
As both a user of online government services and an employee, I’m grateful to see the growing recognition among governments of data privacy and security. Data is a resource whose value has been heralded for some time. Here at ReCollect, the data we collect about usage and queries helps our customers better understand their residents, answer questions more effectively, increase diversion, and generally be more proactive. But, as with any resource, data itself can be recycled or repurposed for ends other than those for which it is initially collected.
Even with the best of intentions, any system attempting to keep data private and secure is only as good as the technology and practices that support it. Unfortunately, as we have recently seen, a lack of secure practices can easily undermine privacy. The consequence goes beyond more spam in everyone’s inbox or the potential for fraud in the short term — the longer-term consequence is that these events impair trust not only in a specific vendor or industry (including us), but also in the governments that provision these services.
At ReCollect, we believe the collection of any data should serve a single purpose — the delivery and improvement of the service for which it was provided. To do otherwise, intentionally or not, would be to undermine the trust that customers place in us to provide a framework of communications for them.
Data Cannot Be Private Unless it is Secure
Vendors of Software-as-a-Service everywhere and in every sector should now be routinely facing some potentially tough questions, such as:
- Have they ever suffered a data breach?
- What data is collected?
- What is the policy on data retention?
- Who owns it? And what happens to the data after the service is discontinued?
- Where and how is it stored and conveyed?
- How often and how extensively are services audited for security?
Buyers of these services need to ask themselves what a data breach would cost them operationally, even if they are not responsible for it. Furthermore, what is the potential impact on the end user and on the reputation of the buyer?
Building a culture of security, in which secure practices are intentionally designed and followed, has real costs — but data breaches, the alternative, cannot be considered a cost of doing business. Governments at all levels must take ownership of communications provided on their behalf if they are to fully realize and promote technology’s huge benefits. At ReCollect, we ensure that our systems always use the latest in secure protocols, enforce secure practices whenever possible, and proactively commission periodic security audits run by independent third parties. Consequently, we have never had a data breach — that much we owe to our customers.