As consumers, we’re becoming more aware of the trail of data we leave behind as we go about out our daily lives. From social media sites to online shopping services, records of interactions are constantly being generated.
It’s a similar case for a modern business. As transactions with partners and suppliers are increasingly conducted digitally, the pool of associated data continues to grow.
As a result, more and more business customers are demanding that the Software-as-a-Service (SaaS) companies with which they have relationships do more to safeguard their usage data. They are also very keen to know how that data might be being put to use.
Unlike personal data, business usage data is generated each time a business customer interacts with a business-to-business SaaS product. This creates both benefits and concerns, depending where you’re sitting in the process.
For example, a SaaS provider may collection details about their business customer’s interactions and use them to enhance their offering. If they can see a particular feature is causing headaches for the clients, it can be redesigned or replaced. The end result of this process is a more efficient and effective SaaS platform.
From another perspective, however, the interaction data being generated every time a business uses the SaaS platform could be used in a very different way. Observations of usage patterns and volumes might reveal where a business is focusing its efforts. Perhaps a rise in interactions is associated with a new product about to be launched or a planned merger with a rival. Things the business wants to keep private could actually be in plain sight.
Recent privacy stumbles by companies such as Facebook have led to increasing numbers of consumers paying closer attention to their data and how it is used. Indeed, in a recent consumer sentiment survey conducted on behalf of Snowflake, 73 per cent of respondents confirmed they feel greater data policy and regulation is required. Just 6 per cent felt they needed less and 21 per cent indicated the measures in place currently were sufficient.
This growing awareness of and call for better privacy is now flowing into the B2B sector where businesses are increasingly demanding similar kinds of privacy protections for SaaS and other B2B platforms. Unfortunately, however, those expectations don’t migrate well from the consumer to the B2B space.
For example, should a business have the same privacy protections as a private user? Or should individual employees using third-party vendor services on a corporate network have the same privacy protections as they do when acting as private citizens on their home networks?
How much privacy is enough?
When you initially consider questions such as these, it would appear best to err on the side of privacy, and it may not be clear why maximum protection should not be afforded to B2B user data.
The reason is that companies delivering B2B services need the ability to collect and retain certain data. For example, if you’re unable to track an IP address, it becomes impossible to secure customer data or shut down a malicious attack.
Also, if a business is not allowed to connect personally identifiable data to a business customer’s account, it will be much harder to provide first-class service when that customer needs support.
Businesses that store their customer’s data on the servers of other companies, such as Salesforce or Oracle, have a vested interest in those technology partners protecting that data. However, a company can’t simply outsource the data security challenge to another organisation. It remains their responsibility to ensure the data remains secure at all times.
Another big challenge arises for multi-national companies that must comply with data security and privacy regulations in different countries. One approach many are taking is to carefully locate certain roles and functions in jurisdictions based on the local regulations that are in place.
If, for example, privacy regulations are too restrictive in a certain country, it may make sense to store data elsewhere and even locate support staff in a different location. Such careful management cannot be left up to an external provider but must be carefully managed by the company itself.
There are no definitive rules for B2B companies that are facing these issues. Each company must undertake a complex process of evaluation that involves the help of legal, security and privacy experts.
However, by being aware of the issues and taking comprehensive steps now to secure data, companies will be much better placed to survive any issues that might arise the future.