We’ve all seen what happens to companies whose customer data gets compromised. It’s never a pretty picture. Going forward every one of you should apply the Hippocratic Oath and do what you must to make sure data mismanagement won’t hurt your customers, your brand or your organization by being privacy compliant. Even better, turn data management into a plank of transparency and trust. Or get someone else to do that for you so you can focus on the things that are going to build your business instead of things that make it vulnerable.

The Issue

We’ve arrived in Orwell’s dystopia where big brother knows everything. Hardly a day goes by without a story of some organization’s data getting breached from mass merchants like Target to credit bureaus like Equifax. Even worse are the revelations about how companies like Facebook and Google are profiting off customers’ data without their understanding.

There are, of course, data protection laws protecting everything from health information (HIPAA) to personal credit information (FRCA) to children (COPPA) to Europe’s new General Data Protection Regulation (GDPA). They establish a base, but fall woefully short. Laws and regulations are useless unless all choose to follow them.


The Opportunity

Every organization has a choice. They can turn a blind eye; they can become privacy compliant; they can invest to build a brand of trust and transparency; or they can let someone else deal with their data for them.

– Blind Eye

Turning a blind eye is a choice. Most startups don’t worry about privacy early on. They plan to deal with the problem later when they get big enough for it to matter. It’s a reasonable choice. Get things vaguely right first. Then iterate with more experience and resources as you go. These companies know they will have to spend more time and money later than they would if they got things right in the beginning. But for some, that’s the only way to survive and thrive.

– Privacy Compliant

This is about doing the minimum required to comply with the privacy laws and regulations. For these companies, data is a hygiene issue. They need to be merely good enough at it. They will simplify what they are doing as much as they can in a world in which every company and jurisdiction may have its own privacy laws and regulations. This fits with the core tenant of strategic thinking to invest where you can be best in class or world class and simplify, scale or outsource the rest.

– Brand of transparency and trust

No one can figure out how Google is using their data. People who have figured out what Facebook is doing with their data are not happy. Companies can make data transparency a cornerstone of their brand – but only if they mean it. It’s not enough to say you’re going to do something sometime in the future. You need to do it now and make it easy for others to understand.

– Get someone else to manage the data

Managing data is complex, challenging and, as former Air Force rocket scientist Krissa Watry explains, “harder than rocket science.” Furthermore, it’s not your data. It’s your customers’ data. And you’re probably not going to make data management a competitive advantage. So, why not let someone else deal with it.

For example, Watry’s company has created PlayPortal as a platform on which others can build children’s games. As Watry told me, “It’s a whole architecture and tool set that allows people to be privacy compliant out of the gate.” Companies using this platform get to take advantage of all the heavy lifting Watry has done over the last four years and focus on doing what they do best.

RaisingNerd’s Lee Allentuck who has been in and around the toy industry for over a decade told me that every company stops short of truly engaging with kids. But he thinks PlayPortal is the “missing piece that closes the viral loop.”