Your company probably doesn’t have enough data—and there are third-party data brokers who want to help with that. However, choosing the wrong broker could mean risking customer trust, safety, and interactions. What do IT pros need to know about data brokering and its possible dangers?
First and foremost, IT pros and their companies have a responsibility to ensure data privacy for customers, or they could face legal penalties. Legislators have been working to add regulatory frameworks, like the California Delete Act, to help consumers understand what kind of data companies are collecting from them, and opt out if necessary.
Ron Zayas, CEO of Ironwall, an online privacy protection and data removal service company, described the relationship between companies and data brokers as a door that swings both ways. For example, an organization might buy data to better inform advertising or product development, while a data broker might want data about a company’s user base.
“There’s lots of models that help make that very financially attainable, especially for startups and especially for companies that are gathering intimate information, because that’s what data brokers want,” Zayas said. “They want to help you get more customers so that you’ll feed them more information.”
Real consequences. Director of Litigation with the Electronic Privacy Information Center John Davisson regards data brokers as the “Big Tobacco of privacy,” and believes that companies should know more about interacting with them.
Davisson believes brokers are “selling products and services that can cause harm in so many different ways, that present harm to you in the form of data breaches, that threaten [for example] domestic violence survivors, that make it possible for people to track them down and cause them harm.”
“If you put all that into context, there’s an ethical thing, I think, for anybody who’s developing an ad, an app, marketing, any type of service,” Zayas agreed. “Are we collecting and selling information that puts people at risk? That is a conversation that IT and risk management has to be involved with.”
The more things change. While advocates and legislators continue to call for an increase in data privacy laws, companies see an increasing need for data to make informed decisions for tasks like product development, advertising, and more.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Jodi Daniels, a faculty member at IANS, told IT Brew that some businesses might seek out data brokers to gain access to data to help drive enterprise decisions and optimization. Using a data broker’s service can assist a company when resources are stretched thin, even if it means giving those brokers access to lots of sensitive data about customers.
“To get to [a company’s] market, they need data, if they don’t get to their market, then everyone has to see advertising that isn’t relevant—that’s really expensive for companies,” Daniels said. “In trying to reduce their costs, well, data is going to be able to help them do that.”
Davisson said that companies need to take serious measures to protect the personal information of users, especially as it pertains to jurisdiction of state laws and what action the Federal Trade Commission has taken against those who have violated consumer privacy and trust.
“There is serious legal risk attached to selling sensitive personal information,” Davisson said. “Even as I say that the regulatory landscape is not as robust as it needs to be when it comes to privacy protection, more and more states and more and more regulators are waking up to this problem and taking enforcement action against the companies.”
Takeaways. Zayas wants IT professionals to consider the risks of interacting with data brokering, considering the relationship between companies and brokers can increase cybersecurity risks, in addition to the ethical dilemmas of buying and selling user data.
While engaging with brokers can be a quick way to secure additional data, Zayas warned that there’s a lot of information that can get into the wrong hands. Data enriched by brokers is “even more sensitive,” he added, boosting the costs and need for infrastructure.
“Especially if you’re starting a new company, look at data being an asset, not just a commodity that you trade,” Zayas said. “See how you can protect your data—not give it out, not share it, not become a target for it being breached—so that you have a competitive advantage with everyone else.”