Consider the customer’s perspective
View
Transparency and explainability
View
Educating the customer
View
Role of legal
View
Building trust in customers and government
View
Privilege
Consider the customer’s perspective
Technical legal compliance is just one dimension of decision-making. When collecting, holding and using customer data, businesses should consider not only the legal implications and boundaries of handling that data, but also the ethical considerations. Decision makers need to put themselves in the shoes of the customer and reflect on how they would feel if it were their personal data being handled or used in a particular way.
Tech companies may find it helpful to obtain input from a sample of actual customers when considering new purposes for collecting and using personal information, to better gauge the likely reactions of their customer base.
Strong company values that focus on the customer experience and ‘doing what is right’ ensure that these considerations drive discussions across the business.
View
Transparency and explainability
Following the major data breaches in the past year, public awareness and scrutiny of the data handling practices of big businesses has increased. As a result, customers are now demanding greater transparency around and control over what personal information is being collected and why, as well as how the data is being collected, used, held, protected, and stored.
Regulators are also emphasising the need for businesses to be transparent about the data they are collecting, how it is being collected and what it is being used for. Increasing transparency in this process will allow customers to make an informed decision about whether to disclose their personal information. For example, a privacy policy could be presented in a more simplistic and non-legal way that the customer will better understand.
However, transparency and explainability has become more difficult with the rise of artificial intelligence (AI) tools and applications, as AI is black box by design. For companies that are heavily reliant on AI, it will be very difficult to explain how an AI tool has come to a particular decision and how customer data may have led to that decision being made.
Educating the customer
Given the explosion in data collection capabilities and the implementation of data sharing across businesses to enhance the customer experience, organisations should critically consider how to give customers a genuine level of control over the handling of their own data (particularly the retention, correction and deletion of that data), whilst maintaining a level of commerciality. For example, businesses might consider seeking specific consent regarding particular data uses or giving customers a ‘right to be forgotten’.
Providing customers with enough information about the security systems of a company to help them understand how their personal information is being protected, but not so much information as to create privacy and data security concerns, is a delicate balance.
Customers now know the right questions to ask (e.g. what is my data being used for?), but may not know what to do with the answers they receive. Tech companies can add value and increase customer trust by educating customers about how the data collection technology works to help them understand what is being done with their data and why.
Privilege
Building trust in customers and government
Role of legal
Regulatory compliance can be enhanced by ensuring that legal has a seat at the decision-making table. Some companies have found it valuable for legal to sit with the business from time to time to ensure that operational and implementation risks are properly understood and to foster a deeper culture of compliance.
Everybody in the business plays a part in doing the right thing. It is important to educate and empower those within the business to make their own compliant and ethical decisions – the responsibility does not fall solely on legal.
Legal Leaders play a unique role encompassing both commercial and legal perspectives. A key role of Legal Leaders in tech companies is efficiently and effectively managing stakeholders both within the business (such as founders and commercial leads), and externally (such as customers and regulators). Each of these stakeholders will have differing views on what ethical data use encompasses, and there is a need to ensure all stakeholders feel heard and their views are carefully considered without compromising legal professional obligations.
Navigating the data regulatory landscape is a complex task facing businesses across industries, especially with Australia’s proposed privacy reforms. Depending on their size, maturity and resources, organisations should consider whether it is appropriate to adopt a granular, jurisdiction-by-jurisdiction approach to privacy compliance, or invest in developing privacy processes and programs that can be scaled across multiple jurisdictions.
Maintaining legal privilege over communications and ensuring that privilege is not inadvertently waived becomes difficult where a legal counsel wears multiple hats including commercial roles.
This is more so where business communications are taking place at increasing speed and over a variety of different platforms (from more traditional email communications to instant messaging applications like Slack). Best practice tips (like keeping legal and non-legal communications separate) might not be practical.
To learn more about legal privilege, waiver of privilege and disclosure to regulators, listen to our podcast series here and access our Quick Guides here.
Public and government distrust in tech companies is at an all-time high, which has led to government agencies and regulators not wanting to be seen to be working too closely with industry. Tech companies now need to build trust in not only their customers, but also government, to achieve a more collaborative approach to tech regulation.
When a data breach occurs, customer frustration and government condemnation of an organisation’s actions generally focuses on the business’ reaction and response to the data breach, not the fact that there was a data breach. While it may not be possible to prevent a data breach from occurring, tech companies should focus on tightening their data retention policies and their data protection processes and procedures, and ensure they are readily prepared to respond to a data breach.
EXPLORE OUR LEGAL PROFESSIONAL PRIVILEGE IN AUSTRALIA HUB
VIEW MORE