How is Your Supplier Using Your Data?

What is happening to the data that you are sharing with your ecosystem of suppliers?

Just before Christmas, a friend recommended reading “Privacy is Power” by Carissa Véliz. But the long list of recommendations that the author provides on what you could and should do is quite disheartening. I feel that I have to shut off a lot of the benefits that I get from using the Internet in order to maintain my privacy.

But then over the past couple of days came a couple of reminders of our exposure – our suppliers will share our data with their suppliers, as well as be prepared to use our resources to their benefit. I am reasonably technical and still find it difficult, so how does a person who just wants to use a digital service cope?

Bunnings’ Data Breach with FlexBooker

First example. Bunnings started using a service called FlexBooker to support their click-and-collect service.

To do this, they share personal information with the company for the service to work correctly. But hackers have stolen data for over three million customers from FlexBooker in a recent data breach.

How many of Bunnings’ customers were aware that their data was being shared with FlexBooker? How many would have cared if they had known?

I have only read the comments from Bunnings included in the Stuff report but I believe the reported reaction lacks the level of concern that this breach warrants. What did Bunnings do to verify FlexBooker’s privacy and security standards before sharing their customers’ data with them? What is going to change now that the vulnerability has been identified?

Neither of these things is clear. It is not clear if Bunnings have advised their customers that they could have been affected. There is no clear message on the Bunnings New Zealand site on the details of the breach.

In “Privacy is Power”, the author makes a strong case for customers to demand protection of their privacy. Organisations that use other companies as part of their services must be as demanding of their suppliers as their own customers would be of them.

Is Crypto Mining part of antivirus?

The second example is a little different. Norton has released crypto mining software as part of their antivirus suite. This crypto mining software uses the spare capacity of your computer to join with a pool of computers that are working to create a new blockchain block. Each time a new block is added, you would earn some cryptocurrency that you could change to a fiat currency, i.e. normal cash.

But I question why a crypto miner is part of an antivirus suite. Norton makes the case that they are a trusted partner, so can deliver a safer mining experience than other options.

Norton have made the use of this software optional, but to me, it does indicate the avarice of companies where they see a potential income opportunity. If they had included the software in their internet security suite, then there may be some logic in adding the capability. But to antivirus?

The Verge did some unscientific measurements on the value to a user of running this software. They found the cost of the electricity used during the operation of Norton’s mining software was about the same as what they earned. So Norton, with their 15% fee, would be the only ones making money.

The challenge remains for most of us. Our software vendors are adding new functionality to our services regularly because it is what we as customers expect. But I rarely check to see what has been changed in a new release, as normally you will only see a “bugs squashed, performance improved” message. We have no guarantee that they have not implemented some new way of using our information or assets without gaining explicit approval from the user for this new use.

To Norton’s credit, they have made crypto mining optional and do not activate the software without their users’ consent. Others are less likely to be as ethical.

Summary

Both of these examples show how vulnerable customers of companies are to the exposure of their private data and assets. All organisations are increasing their use of different external services as SaaS options become more attractive. Commercial terms are the critical points of negotiation, not customer privacy. What assurance do customers get that their privacy is being maintained as they would expect?

One point that is often overlooked is that many cloud service contracts define the legal jurisdiction as being either the cloud provider’s home jurisdiction or one that is more advantageous for them. So, any intended legal action could be taking place in a foreign jurisdiction with different privacy laws.

Customer service organisations (i.e. pretty much all organisations) need to look after their customers’ data much more effectively. Customers need to demand to know how their rights are being protected, and governments have to put in place appropriate consequences for organisations where breaches occur outside that government’s jurisdiction.

Alan has proven experience in leading digital change as a CIO across multiple different industries, sectors and geographies. His focus on putting the customer at the centre of outcomes has been successful in implementing digital capabilities across both private and public sector organisations. Through over 30 years leading IT and digital organisations, Alan has developed a deep understanding of relevant strategies and change management approaches. In Super Retail Group, an Australian specialist retailer, Alan delivered omnichannel retail capabilities that offer industry-leading customer experiences. He has a record of dramatic performance improvements with internal IT and Digital teams, supported by strong supplier relationships, that achieve better business outcomes. Within New Zealand’s Ministry of Health, Alan led the implementation of cross-sector systems that improved collaboration within a highly devolved health system. From his first experience with innovation processes in Unilever’s global marketing teams, Alan has used proven and bleeding-edge technologies in powerful combinations that balanced the risks and rewards of new approaches. More recently, Alan has used agile and iterative techniques to achieve rapid returns on investment in complex organisations such as Fletcher Building. Alan is committed to continuous improvement, having seen that yesterday’s exceptional performance is tomorrow’s expectation. He holds a BSc (Information Sciences) from Victoria University of Wellington, reinforced by hard-won experience in demanding real-time business environments. Growing up around water, Alan went on to play water polo at international level. This sport gave him an early opportunity to experience different cultures and countries. With his family of partner, son and daughter, he has lived and worked in both northern and southern hemispheres. Now resident back home in New Zealand, Alan continues to swim for exercise and reads voraciously. 
A high-speed internet link has become an essential part of life!

