February 23, 2018

Extensive customer data sharing

by admin123 in Data

Organisations are granted permission by their customers to collect and control their data. But are they abusing that privilege by using the data outside their organization?

According to Evidon, a major retailer was revealed to be sharing the customers’ data with a few of other lesser-known companies. In this case, organisations, like this major retailer, rely on the privacy policy where they claim that they share information with “selected partners”.

This is where the lines can be blur: the “selected partners” can literally end up becoming every company as long as they are considered to be the organisation’s “selected partners”. But it doesn’t just end there.

These “selected partners” also have a privacy policy which is similar to that of the organizations that had first distributed the customers’ data. They are also obliged to share the customers’ data with their “selected partners” – this process can be continuous as long as the “selected partners” share with their own “selected partners”. In other words, the customers’ data can be accessed by many companies via just a single collection point that is managed by a company. This is a disturbing yet possible fact, as the customers will not expect their data to be shared extensively upon their agreement with a single company’s privacy policy.

For this reason, organisations ought to be clearer in their privacy policies on who they will be sharing the customers’ data and what kind of data will be shared with them. They also should enforce reasonable limits on how much data should be shared within their direct network of partners. Similarly, further limits should also be implemented on these “shared partners” such that they do not readily pass on the customers’ data to their own network of “shared partners” without informing these customers that their data will be accessed by a new network of “shared partners”. Adopting such practices is one of the ways that the organizations can take to ensure that the customers’ data is more secure.

Customers can also play a part in mitigating the risk of their data being shared so extensively across the partnership networks. In most countries, the customers have the right to request from the companies for information about the ways in which his or her data has been used or disclosed. They are also allowed to withdraw consent at any time so long as they give the company reasonable notice. Furthermore, the company is not allowed to prohibit the withdrawal of any consent. However, the customers have to be aware that such withdrawal of consent allow the companies to end its services to the customers.

If the usage and sharing of data is found to be unreasonable, and the company is unwilling to take the appropriate steps to rectify the problem, the customer can lodge a complaint at their respective country’s personal data protection authority. The authority will usually investigate and take necessary action to ensure that the customers’ data is protected.

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − eight =