Lesson: Privacy Matters
Privacy matters to users. It matters a lot. That should be obvious, except that what seems like a small issue to us may actually be a much larger issue for our users.
An anecdote: Today on their blog, business web app maker 37signals shared some aggregate usage data from their Highrise CRM application. Company founder Jason Fried posted a chart showing how many contacts were in the app’s entire database (of over eight million) from each country. Because users can enter whatever they want into the country field when entering a contact, the data paints an interesting picture of how people prefer to reference countries (US vs. USA vs. United States vs. U.S. or UK vs. United Kingdom vs. Great Britain, etc.).
The data is mildly interesting, and I assume that’s why Fried posted it — he thought it was kind of neat and wanted to share. But almost immediately, users chimed in with privacy concerns. “I’m a fan of 37signals, so please don’t take this the wrong way. But I have to ask,” wrote one commenter. “Did we agree in our licensing to people going through our data? Do you stop at looking over addresses, or is there other info 37signals staff combs through. I’d like a little more of an illusion of security with regards to our data in Highrise.”
Fried immediately reassured commenters that this was aggregate country data pulled from a database and nothing personally identifiable was attached to it at all. “No one’s personal data is being reviewed or exposed or scrutinized or in any way compromised. This is faceless automated aggregate data,” he said.
But that didn’t allay everyone’s concerns. “So I walk up to your house, look in the window. I take an inventory of everything I see. Repeat for everyone on your block. If I report on just the quantity of HD TVs, this is okay?” wrote one commenter.
“I know it doesn’t really mean much, but for some reason it just feels… funny. I’d be ok if you only looked at the account owner’s info for internal use, but past that… I dunno,” wrote another.
One commenter, who said that he isn’t a 37signals customer, noted that nowhere in the TOS or privacy policy does the company mention gathering aggregate data on the information that customers store. “It looks like they reserve the right to compile stats on customers themselves, but not on the data they own. Even sharing of data about customers is restricted to legal requirements & improving the service, nowhere does it mention marketing that I can find,” he commented. He mentioned that Google Analytics provides a customer opt-in for the aggregate sharing of data and suggested that as a possible model for 37signals to emulate.
Of course, this is really a non-story in the long run — nothing Fried did compromised customer privacy or at all exposed any personally identifiable data. It’s a tempest in a teacup. Still, a fairly large number of commenters expressed concerns over privacy soon after the post went up, so there is a lesson to be learned here. Privacy is paramount to users, especially to business users who are using your application to store information about clients and customers. It is never a good idea to give anyone reason to doubt that you make safeguarding that privacy a number one concern, even if the specific concern is ultimately trivial.