Who owns your business’s data? The answer may seem obvious – you do. Right? But in today’s digital landscape the answer is not so clear cut. Data has become a hugely valuable commodity. In fact, many tech companies, like Amazon, Facebook (Meta), and Google, earn the bulk of their wealth through data, and many smaller companies are trying to follow suit. It’s not uncommon to see updated user agreements that sneak in legal, but ethically questionable, clauses that allow providers to harvest and profit from their customers’ data. Here’s why this matters and how you can protect yourself.
Why Data Privacy Matters
Imagine that you’ve spent years developing the perfect product niche, but lately more and more competitors have been entering the market, affecting your bottom line. That’s when you discover that all of your hard earned data has been harvested and resold as part of an aggregated market data service.
How could something like this happen? You shared those details, quite likely without knowing. It turns out that you didn‘t notice the fine print in your ERP provider’s updated service agreement. That contract states that any data stored within your ERP is now legally for your provider to use for any purpose, with the sole caveat that the data cannot include any details that identify your business. However pricing, inventory, sales numbers, and customer data are all fair game.
While this scenario is an entirely fictional example, current industry trends could easily see these sorts of services emerge in the future. We regularly see similar data gathering clauses being slipped into contracts, and more often than not, the signees are unaware that their terms have changed.
How to Keep Your Data Private
As we’ve seen, data is big business. Most companies won’t go out of their way to make sure you understand how your data is being used, so it’s important that you are your own data privacy advocate. Carefully examine all agreements and ask smart questions when evaluating software. Here are a few questions that can help you out.
How is my data encrypted during transfer and storage?
It’s not just the companies that you do business with that are interested in your data. Ransomware attacks are becoming more and more common, and small to medium companies are attractive targets since they often don’t have the resources to hire cybersecurity specialists. In addition to being costly, a ransomware incident can grind business to a halt and damage your reputation.
Don’t assume that your software provider’s security protocols are adequate – some ERP providers even promote services to help customers recover from data breaches. While it’s great to have support for these types of events, most of us would agree that it’s better to avoid them all together. Keeping your data secure is a pretty basic requirement for any cloud software provider, and it’s clear that a provider whose customers are suffering from security incidents on a regular basis needs to step up their protection.
AvSight takes the responsibility to keep our customers’ data secure very seriously. Here’s a more in depth look at cloud security and how AvSight keeps your data safe.
Who has access to my data? Employees? Contractors? Third party service providers?
Having account permissions in place to ensure that critical data is only accessible by employees who need it is an important way to prevent internal data breaches. But establishing security protocols for your employees is an exercise in futility if your service provider, its employees, and third-party partners have free access to your data with service agreements that allow them to collect, aggregate, and share user data.
AvSight and its employees have no access to our users’ data. It is encrypted and stored securely on Salesforce’s servers – the same servers trusted by large companies such as Delta, American Express, and the NSA. We believe strongly in achieving profitability by providing a superior technology solution to our customers – NOT by abusing their data.
How will my data be used?
If a provider reserves the right to access your data, it’s important to know why they want this access and what they plan to do with it. Many customers have made the decision to switch to AvSight after discovering that their previous software provider’s contract included agreeing that their data could be used for the purposes of developing new products and services and for any other business purpose including creating non-Licensee specific metrics and statistics. They do agree not to disclose any data to other customers in any manner which identifies the Licensee. However, this is thin protection at best – it may prevent them from revealing that the data comes from “ABC Aviation Company” but may not prevent them from disclosing that it came from a 145 shop in Dallas with 10-20 employees. In a tight knit industry, like aviation aftermarket, piecing the details together to determine who that data came from isn’t too difficult.
More alarmingly, this agreement makes no provisions to protect the identity of your customers. This is bad news for you when it comes to remaining competitive in the market – but it could also open you up to liability and stiff fines. Anyone who does business in the EU or maintains info on individuals who reside in the EU is required to comply with GDPR. These data privacy regulations call for both data security and transparency into how data will be used. If you yourself are unaware of how your data might be used, you can’t possibly be transparent with your clients about how it will be used. It’s important to note that GDPR applies, not just to data that directly identifies your customer (ie. name, address, etc.) but also to data that could be pieced together to identify your customer. Another key GDPR requirement is that this information cannot be disclosed in a way that is difficult to find. Including a small disclaimer somewhere in your sales contract is not going to cut it. The fines for GDPR violations are steep – up to 20 million Euros or 4% of your revenue – whichever is higher.
The Bottom Line
Data privacy and security is a serious issue that can affect your profitability, reputation, and legal standing. Make sure your team makes informed decisions on these fronts. This article is designed to be informative and is accurate to the best of our knowledge, but should not be considered legal advice. Make sure that you consult with a legal professional when making contractual decisions.