The rules applicable to proper data governance are murky. But the risk of enforcement is real: Courts have upheld the FTC’s authority to punish companies for failing to adequately protect customer information.

Clearly businesses must be sure that sensitive information is kept securely and doesn’t fall into the wrong hands, and that there are adequate protections from outside hackers and internal threats. Increasingly, businesses must consider what data they collect and maintain – as the best way to avoid the loss of information is simply NOT to collect it in the first place.

Businesses should consider whether they really need to collect data, and whether their customers have a reasonable expectation that data is being collected and maintained in the first place – including data being collected by (or for) third party service providers.  A business is accountable for the data collection taking place on its sites.

To make things worse, sometimes consumer data is not being collected by the site a consumer interfaces with, or even by service providers those sites have directly engaged. Sometimes, due to the open nature of the internet and the ad tech ecosystem, unknown companies may have access to customer information – and no one is ever aware that the “data leakage” is taking place.

Most of this data sharing is consistent with the broadly worded privacy policies sites use. And some of this data sharing may provide a benefit, in that it is the fuel for targeted advertising. But is it a good thing?

I think to answer, you have to ask yourself: “is it creepy?” and “would my mother be surprised about this?”

Data sharing may be too personal if our mothers are surprised, cementing the importance good data governance policies

Data sharing may be too personal if our mothers are surprised, cementing the importance of strong data governance policies

We have all become accustomed to seeing ads for products (and sometimes competing products) we have recently searched or shopped for online. But the frequency of these ads can be disturbing.  

Personally, I see a parade of ads for things I regularly shop for online — clothing, athletic gear, even new cars. This advertising is effective, as I have become a repeat customer of certain branded retailers!

But would my mother understand that she is tracked, on an anonymous basis, from site to site?

I think so. But she would expect the right to opt out, and the right to be made aware of exactly what is happening.

And the sites we interact with need to understand these data flows – so they can be sure they are maximizing the value of what is taking place.

Tracking me should benefit the brand seeking to advertise to me, as well as the content site(s) I am interacting with – not the third parties incidental to the technology ecosystem. A good data governance policy should make this possible.