Data privacy is dead and SaaS holds the smoking gun! The purpose of this shameless paraphrasing of Mashable CEO, Pete Cashmore’s statement in October 2009 that “privacy is dead and social media holds the smoking gun” is to highlight the parallels between individuals’ personal information and enterprises’ confidential data. And how both sets of data are now being stored, managed, and utilised by third parties like never before. Admittedly, these rumours of the demise of SaaS customers’ data privacy are grossly exaggerated, but a valid question remains regarding the level of privacy that is given up when a business chooses to moves its applications to the cloud.
The advantages of SaaS are many and varied, and the majority of enterprises are reaping the commercial, technical, and operational benefits to varying degrees – but while data security has always been a hot topic for SaaS vendors and a primary concern for customers, data privacy hasn’t received the same attention. Although I certainly wouldn’t suggest that the mining and sale of customer information for advertising purposes is a common practice amongst SaaS companies in the same way that it is for social media platforms, the waters are somewhat muddy when it comes to what extent SaaS providers actually use their customers’ information.
By virtue of owning a multi-tenanted environment which processes potentially enormous numbers of customer interactions with their software on a daily basis, SaaS vendors may find themselves (intentionally or otherwise) in possession of a very valuable commodity in the form of aggregated customer data. Take, for example, the case of a payroll software vendor who realises that, although its main source of revenue remains the monthly subscription fees for the use of its software, the company’s ability to aggregate data on employment trends and statistics, and sell that data to HR departments, employment policy makers, recruiters, newspapers, etc. could create another unanticipated yet highly valuable revenue stream.
The clever aggregation and reporting of data in this way is not only beneficial for SaaS companies and it can also benefit their customers when usage data is harnessed to develop more relevant products, features, and functionality. Given the fact that the data is aggregated and anonymised, there is no perceivable threat to the privacy of the end customer. The same may be said for the vast majority of reputable SaaS vendors. But what if the seemingly high-level aggregation were to come down a notch to, say, produce a report on the average wages being earned in a particular sector, or perhaps the disparity in wage levels between companies in that sector? Would that SaaS vendor’s customers be happy for their data to be used in this way or would they see it as a breach of their privacy?
Of course I’m not saying that businesses should avoid using SaaS. On the contrary, I firmly believe that the benefits of the SaaS model far outweigh the potential costs. However, in the absence of strong regulation, it is often up to SaaS users to keep providers honest and vote with their wallets by purchasing services from those with very robust and transparent privacy policies and who are open about their usage of customer data. The main factors to consider if you are customer who is concerned about the privacy of your data in a SaaS environment are data ownership and rights of use, the location of your data and the extent to which it is segregated, and your ability to delete or retrieve your data if you decide to change vendor or cancel the service. And to the SaaS vendors out there, ensuring that you strike a healthy balance between preserving the confidentiality of your customers’ information and utilising their valuable data to enhance your services and grow your business will help prevent the thriving SaaS industry from becoming the threat to business privacy that social media has become to personal privacy.
by Michael Cullen @michaelcullen87