Anyone who follows tech, startups, or privacy issues has probably seen, by now, the firestorm surrounding Uber this week. I will not go into extensive detail, but in brief, a senior executive at Uber apparently suggested that it might be acceptable to dig up dirt on individual journalists and their families if those journalists were critical of Uber. It seems generally understood that this was directed against one particular journalist (you can read her reaction here).
There has been plenty written in reaction to this story, but that is not the point of this post. The point of this post is that: tech startups, especially those that collect information about their users, need to be thinking about privacy issues from the beginning.
While the current Uber story started out being about a company going after reporters, it has the potential to morph into a giant privacy issue. Senator Al Franken is leading the call for Uber to disclose much more information about its privacy policies. The take-away for other tech companies is: get on top of your privacy policy early. If companies continue to act fast and loose with privacy issues, the government will eventually step in and impose regulations that will not make the tech industry (and quite possibly consumers) very happy.
If you are a company that collects information about your customers, here are three things you need to think about immediately:
A privacy policy is essential. If you are collecting information and don’t have one in place, you need to immediately stop everything else and get your policy straight. This will need to address both what you tell your customers, as well as how your company handles information internally. Collecting information is not wrong, but you need to make sure you address both disclosure and reasonableness. Disclosure means honestly disclosing what you are collecting to your customers. Reasonableness basically means not acting like an A-hole. If you don’t have a privacy policy, or you don’t know if your policy is adequate, run, don’t walk, to your attorney and get this fixed immediately.
Even if you have a privacy policy in place, you need to make sure you are internally protecting that information. One of the things Al Franken brought up in his open letter is Uber’s so-called “God View” which Senator Franken’s letter claims is available to a large number of Uber employees. This tool presumably allows Uber to see extensive information about users and their habits including seeing their real-time movements.
If your company collects a great deal of information, you need strong controls over that information and who within your company has access to that information. People are becoming more and more sensitive to privacy issues. Something like the so-called “God View” is going to make everyone very nervous. So far, the U.S. government has not imposed a huge amount of regulation on tech companies. However, Europe has imposed far more strict controls. If companies don’t start to take aggressive action to regulate themselves, the U.S. government is going to step in and regulate.
Each company is going to be different in terms of how information is controlled and how it needs to be controlled. It is important to think about who, within your company, has access to private user information. If you are not controlling this, you may find yourself liable legally for the abuses of your employees.
With all of your company policies, you need to think about how they will impact your ability to continue to attract new customers. If the future of your company depends on the trust of your users, you better make sure that your policies are designed to keep that trust. Right now, many users are willing to trust a great deal of their personal information to tech companies. However, too many abuses by too many companies will destroy that trust. If the trust is destroyed, your customers will start to look for alternatives. Google famously has the motto “don’t be evil.” This motto reflected a larger corporate attitude regarding company and employee behavior. As a result of this attitude, customers trusted Google with a great deal of information. While some of the policies may not have been required by law, they were good for business.
Privacy policies are not an easy issue. You will certainly need to talk with an attorney who is well-versed in privacy issues. Additionally, if you plan to have users in other countries, you also need to address international laws. However, appropriate privacy policies may be critical to your business, so you would be well-served not to ignore them.