Introduction

With smart devices and many other aspects of business and daily life, companies collect tremendous amounts of data. The risk is that these data may be leaked or misused. Sometimes collection is just common sense, like when we order a taxi with a mobile app: we want the platform to know our location so it can match us to the closest driver. With this and other data, companies can personalize their products and services to fit our preferences and needs.

Reduce Data Collection

We propose two key types of instruments for discouraging companies from collecting more data than is strictly necessary:

  • A tax proportional to the amount of data that a company collects. The more data a company collects about its customers, the higher the financial costs of these data to the company.
  • Liability fines. The concept is that the fines levied by regulators on companies after a data breach should be proportional to the damage that consumers suffer. In the case of Cambridge Analytica, the breach was massive so the company should have to pay a substantial fine.

Revenue Management

Recent years have seen tremendous growth in data-driven revenue management. Companies increasingly use their data to sell products and services. For example, insurance companies offer personalized quotes based on intimate details of our lives, including our medical histories. The financial industry designs loans that fit our spending patterns. Facebook and Google decide how to build our news feeds with an eye on their advertisers. Amazon chooses an assortment of products to offer to each customer based on their past purchases.

The key ingredient is customers' data: companies engaged in personalized revenue management apply complex machine-learning techniques and algorithms to the historical data of their previous customers to build models of human behavior. In essence, the company can come up with the best possible price (or assortment, for example) for a new customer because he or she will resemble previous customers with similar characteristics. Because the decision-making framework typically used in data-driven revenue management relies heavily on this (potentially sensitive) historical data, it carries pressing privacy risks. While a hacker might simply steal the historical data, they don't necessarily have to hack into a database

Conclusion

In our work, we design "privacy-preserving" algorithms to be used by companies engaged in data-driven decision-making. These algorithms are aimed at helping such companies limit the harm imposed on their customers by data leakage. While data cannot be made 100% safe, the goal is to reduce potential harm as much as possible, striking the right balance between benefits and risks. One possible way to design privacy-preserving algorithms for companies engaged in data-driven revenue management is to impose an additional constraint on the company's decision-making framework. In particular, we can require that the company's decisions should not depend too heavily on the data of any single customer in the historical dataset used to derive those decisions.
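The constraint described above, that no single customer's record should move the company's decision by much, is exactly what differential privacy formalizes. The following is an added illustration (not code from the authors' work, which the page does not describe in detail) of a price-setting decision built that way: the company's "decision" is a price derived from historical willingness-to-pay records, each record is clipped into an assumed plausible range so its influence is bounded, and Laplace noise scaled to that bound is added. The history values, the range `[LO, HI]` and the privacy parameter `epsilon` are constructed assumptions for the example.

```python
import math
import random

# Constructed sample: past customers' observed willingness to pay (dollars).
# One record is an extreme outlier; without clipping it would dominate the price.
HISTORY = [42.0, 55.0, 61.0, 48.0, 950.0, 52.0, 58.0, 45.0]
LO, HI = 0.0, 100.0   # assumed plausible price range; caps one record's influence


def clipped_mean(values, lo=LO, hi=HI):
    """Average of the records after clipping each one into [lo, hi]."""
    clipped = [min(max(v, lo), hi) for v in values]
    return sum(clipped) / len(clipped)


def mean_sensitivity(n, lo=LO, hi=HI):
    """Largest change in clipped_mean when one of n records is replaced by any
    other value in [lo, hi]: the global sensitivity of the query."""
    return (hi - lo) / n


def max_single_customer_influence(values, lo=LO, hi=HI):
    """Empirically measure how far any one customer's record can move the
    noiseless price, by replacing each record in turn with lo and with hi."""
    base = clipped_mean(values, lo, hi)
    worst = 0.0
    for i in range(len(values)):
        for extreme in (lo, hi):
            neighbour = values[:i] + [extreme] + values[i + 1:]
            worst = max(worst, abs(clipped_mean(neighbour, lo, hi) - base))
    return worst


def laplace_from_uniform(u, scale):
    """Inverse-CDF sample of Laplace(0, scale) from a uniform u in (0, 1)."""
    u -= 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def private_price(values, epsilon, seed, lo=LO, hi=HI):
    """Laplace mechanism: release the clipped mean plus noise of scale
    sensitivity/epsilon. Changing any single customer's record then changes
    the distribution of the released price by at most a factor of e**epsilon
    (epsilon-differential privacy), so the price is not 'too dependent' on
    any one customer. The seed only makes the example reproducible."""
    rng = random.Random(seed)
    scale = mean_sensitivity(len(values), lo, hi) / epsilon
    return clipped_mean(values, lo, hi) + laplace_from_uniform(rng.random(), scale)


if __name__ == "__main__":
    print("noiseless clipped mean price:", clipped_mean(HISTORY))
    print("global sensitivity:", mean_sensitivity(len(HISTORY)))
    print("max influence of any one customer:", max_single_customer_influence(HISTORY))
    print("released private price (epsilon=1):", private_price(HISTORY, 1.0, seed=7))
```

Run as a script, it shows that the 950-dollar outlier can shift the noiseless price by at most `(HI - LO) / n` = 12.5 dollars, and that the released price carries noise of that same order so the outlier's presence or absence is masked. A smaller `epsilon` means more noise and a stronger guarantee, at the cost of a less accurate price; that trade-off is the "balance between benefits and risks" the paragraph refers to.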