Why Sending KPIs and Customer Data to Third Parties Might Be a Bad Idea
Here’s the question – if a stranger asked how much revenue did your business make yesterday, would you tell them? If a stranger said ‘can you give me your customer list’ would you?
We live in a world where increasingly our information is being sold and distributed. We sign up for a valuable service and another part of my customer database lives in another place. We automatically click the ‘Agree’ to every privacy policy and terms and conditions agreement because we’ve been trained to do that.
I recently read a blog article for the “23 Must-Have Alexa Skills for Your Small Business” https://www.pcmag.com/article/351544/23-must-have-alexa-skills-for-your-small-business to see what I could/should be doing with Alexa that I’m not already doing.
One solution that caught my eye enabled sending your KPI information to Alexa so you could get a business briefing. This was a useful function, so I dug in a little further to see how it worked.
The first thing that I learned was that this specific company was not a free Alexa skill, but integrated with their platform which was a paid service for $29/month. It was a free trial disguised as a free service. Ok, I get that a guy needs to eat (to me, the price point is high for the value it provides and the SMB gets killed $10, $20, and $30 at a time every month) but if it gives you $29 of value, fine.
Then I was curious and looked at their privacy policy:
Here’s the interesting thing. This data isn’t personal. They can sell it, share it, give it away, even post it publicly if they wish.
According to this Medium article (I’m not a lawyer) When B2 Data is Personal Data and What That Means With the GDPR https://medium.com/@digital_compliance/when-b2b-data-is-personal-data-and-what-that-means-with-the-gdpr-d4223ea74e09:
- Sole traders and partners = treat as personal data
- Personal business data (e.g. an individual’s email address) = personal data but you can market relevant services, but provide an opt-out
- Generic business data = you can market, but provide an opt-out
I went to the Alexa skill and gave it a poor rating in the hopes that it would inform others about their lame privacy policy and the risk of the information that they are exposing. I also published a reply to the article itself in the hopes to educate someone before they click the ‘Add Skill’ button.
So, ask yourself before you send your data somewhere that you don’t control:
- Can this data be sold?
- If this data were hacked, could it hurt my business?
- Could the company who is hosting my data use my data for their own purposes?
If so, you may want to think twice when you don’t control the database.
