One of the biggest challenges in the day-to-day operations of any business lies in finding the right balance between data privacy within the company and efficient workflows. Employees stick notes with their passwords on computer screens, personnel files including salary details are shared carelessly, and it is temptingly easy to vet job applicants from their Facebook profiles. When confronted, staff may not even get the problem: you trust your coworkers, after all. A brief look into the psychology of digital privacy might help you to understand these challenges better and enhance data privacy practices in your company.
Everyone has a different concept of “privacy”
Like most people, researchers and data protectionists tend to judge whether somebody is behaving “inappropriately” by applying their own personal standards of privacy and data protection. But the matter is far more complicated. Everyone has a different concept of “privacy”. For example, our research on the privacy management of German Facebook users has shown that almost every participant considered some of their online data as confidential or worthy of protection. Some deemed their relationship status or their location as private, others thought that their coworkers should not have access to their personal life whilst friends should know nothing about their job. Even in the research literature, we find disagreement about the meaning of “privacy”. There is a broad spectrum of definitions, ranging from intimacy to secrecy, anonymity in the crowd to chosen solitude and even to the constitutional right to privacy – as a matter of principle, rather than actually putting it into practice. Moreover, everyone perceives the risks of sharing information about themselves in a different way. Thus, if somebody does not have a problem with exposing their opinions, sexual orientation, home or financial situation online, they might also struggle to comprehend why they should treat other people’s information more carefully. This may cause huge problems for data privacy within the company. Yet there is still one common denominator that we can use as a foundation: everyone’s shared basic understanding that if you share incomplete information, you can stay in control.
Compensating lack of knowledge with a gut feeling
The internet and its digital offers are so popular because they satisfy many of our needs and make our daily work more convenient. Nowadays, it is easy to transfer money online or get advice from the masses if you are clueless about something. But online banking requires account information. Advice cannot be sought without revealing a (very private) problem to a person or search engine. This is where the risk to data privacy begins, similar to the analog world. However, you cannot participate in everyday life if you refuse to give people your surname. Nonetheless, it is possible to avoid certain revelations, e.g. not discussing your income with strangers. Thus the right balance of disclosure and security varies for every situation and every person. Our handling of digital data, and our awareness of the problems it raises, is no different, apart from the fact that society has only had a few years to come up with best practices and legislation for very complex and abstract risk scenarios for our data. The learning process is always playing catch-up with the breakneck speed of technical evolution. Hence, users have to trust their gut feeling and limited technical understanding.
Overwhelmed by Big Data
Until now, the sharing of incomplete information – no matter what kind – used to be a rather successful strategy to achieve sufficient data privacy. A relatively large number of coincidences would have to occur before a bank advisor would find out about a customer’s diabetes while carrying out a credit check. Theoretically, Big Data would now make this possible: extensive tracking of formerly harmless online traces and massive computing capacities for data analyses can now unite all individual elements of information that were kept sufficiently separate in our analog life. A very detailed picture of a person emerges from numerous small pieces of information. This is not only worrying for users and clients but also a virtually irresistible temptation for HR professionals, financial service providers and marketing analysts. If additional valuable data to help with big decisions is out there, then why not use it? In the era of Big Data, data privacy based on gut feeling simply does not cut it any longer. Without the relief provided by additional aids, such as automatic encryption and filtering security software, all of us would be hopelessly overwhelmed.
How businesses can help employees
Most employees have the best intentions when it comes to treating their company’s or clients’ data confidentially. How successfully this is carried out, however, largely depends on the individual, their risk awareness, cultural background and available resources. This is where business owners can support their staff. Awareness workshops should cover the various individual concepts of data privacy infringements and violations, not just one. Data protection officers should take their colleagues’ complaints seriously, even if they struggle to see the problem. Another preemptive measure against data leaks and the curiosity of individuals is to restrict your employees’ access to sensitive data unless they specifically need this information for their daily tasks (see the principle of least privilege).
Suitable tools for data privacy in businesses
Companies can also support their employees by investing in good, encrypted and easy-to-use IT instead of ignoring existing needs. Only then will choosing a reliable solution no longer depend on your employees’ technical confidence and gut feeling. It is of particular importance for departments such as HR, Support, and Sales, who regularly need to communicate and share files externally, to have access to solutions that are fit for data protection and cross-platform – which are often not supported by internal IT. If your company’s software is easy to use and encrypts files and communication automatically, you will already have achieved a lot for data security in your business.