Privacy: Do Customers Deserve an Independent Audit Report?

Electronics are becoming a commodity – there’s not much profit from selling cell phones or laptops anymore (unless you’re Apple). So most companies are moving away from investing in hardware as their core business and shifting towards services. Services come in many shapes and sizes, but usually include consulting services, applications, or analyzing and selling customer data.

Customer data is where it becomes interesting. As selling physical products becomes less profitable and monetizing customer data becomes more profitable, how do companies resist the urge to over-exploit customers’ private data? What assurance do customers have that their data is protected?

We’ve already read stories about Samsung Smart TVs capturing personal conversations, Vizio’s TV logging our viewing habits, and where your data goes when you use Apple’s Siri. So there’s no question as to whether data is being collected. But what are they doing with it, is it secure, and how does it impact me if it’s stolen?

Third Party Risk Management – For Consumers

When businesses work together, there are standards in place to help them feel comfortable sharing data. For example, most companies are audited by an independent accounting firm to get reports stating what control mechanisms they have in place from a security and privacy perspective (e.g., PCI, SOC 2 reports). Beyond audit reports, most companies have a pretty rigorous vetting process to understand the risks of using a particular third party. Questions are asked, like: where and how is data stored, who has access to it, and what happens if it’s stolen?

Consumers give up data that is much more personal, but do none of this and don’t have the power to vet a large company even if they wanted to. (Try asking Apple for an audit report next time you buy an iPhone.) Most of us have to trust that companies are doing the right thing. But should it be that way, or should customers have similar assurance mechanisms? If so, what would something like that look like? An independent audit report for consumers?

What do you guys think?

3 thoughts on “Privacy: Do Customers Deserve an Independent Audit Report?”

  • That would be great, but I don’t see it happening. Besides, the average user doesn’t care and wouldn’t read a report if it were available.

    Our government collects massive amounts of data and little outcry is occurring over that. We are told all that data is gathered to protect us.

    Regarding our personal data, we are told all that data is gathered to provide us with free services.

    Most people “don’t have anything to hide” so they don’t care. Drives me crazy.

  • “That would be great, but I don’t see it happening. Besides, the average user doesn’t care and wouldn’t read a report if it were available.”

    I think you are right about that. What would probably happen is tech reports or news outlets would read them and provide a summary to the public. Which would probably be even more effective. Companies want to avoid those bad headlines.

    It drives me crazy when people say “don’t have anything to hide” too!

  • “I don’t have anything to hide” is a bunk argument. Next time someone says that, ask them to hand you their cell phone and say you’re going to read all their text messages, emails, and view their browser history.

    I only don’t have anything to hide because I know better to use Private Browsing and keep my text/email inboxes clear. 🙂
