Having recently launched live music event discovery app Gigseekr, with user privacy a key consideration, DAM Good Media CEO David Hamilton provides his perspective on the need to respect customer data.
It seems that for the last few years, any mention of tech companies in the press is closely followed by some form of privacy scandal or leakage of user data. With the likes of Google and Facebook, among many others, internet users have to accept private data is used in ways that we often aren’t made aware of to fill the pockets of global corporates.
For most of us this isn’t perceived to be a problem until it all goes wrong, at which point we set up new passwords for services in the hope that something more serious like our bank accounts or credit cards don’t get hacked – a process that would be much harder if our private data wasn’t harvested.
Gigseekr is a new event discovery service. In many ways it is no different from Facebook, it is a service that operates around ‘big data’. The better we can understand the data, the better the service we can offer. There is one big difference, at its core Gigseekr has been built around the user requirements not those of a commercial enterprise. There are core elements of Gigseekr that will always remain, including being free to use and having no adverts, the most important is not paying lip service to the privacy of our users.
Why does any service need a user to create an account up front? Marketing departments will want every email address possible but all they end up with is dirty data and poor interaction metrics. At Gigseekr we don’t ask the user to create an account, they are straight into the app. We ask one question – What region in the UK are you from? We ask this because a user in Cornwall is unlikely to want to see details of events in Scotland. We create a pseudo-user in the background, but we have no idea that Joe Bloggs from Cornwall is the ID ‘d5bfs24fs’.
An actual account can be useful for the user especially as our features grow. This means there are many things that need to be thought about, and almost all of them are implemented differently to what is expected:
Do we really need a user to give us an email address and password? If our service gets hacked then a user’s password could be at risk and therefore giving away access to all their other online services.
Do we really need to know what gender or race someone is? More often than not this data is pointless, each person is an individual and the stereotypical marketing buckets should be eradicated and replaced with analytics that have meaning and produce results.
This is really important piece that is often only thought about for passwords. There is no need for any of the personal data about a user to be stored in plain text. This means that no member of staff working for a company can look at data they shouldn’t be able to, it also means that should a company get hacked then the hacker’s job is harder.
The pseudo user account is the one that monitors the interactions of which acts are being followed or events have been attended. Any of the private and encrypted user data is not stored in the same place.
Handling data in a privacy aware way is a different way of thinking, daunting even, but it is liberating. It is amazing how much weight of responsibility and liability is lifted.