At LivNao, one of the first things we discuss with new team members is our data ecosystem, and the methodology behind our best practices. As a data-driven business:
Customer trust is critical to everything we do at LivNao.
The goal of these open-ended discussions with new team members is not only to satisfy regulatory requirements, but to also make sure everyone is “Drinking the Kool-Aid” around data privacy best practices. Here are some of the ingredients to our Kool-Aid.
1. Ethical Use of Data
Our strategy at LivNao is to use the minimum amount of data that is needed to provide a quality product to our customers, and nothing more…
As everyone is starting to learn, data is extremely powerful. This was especially demonstrated in the myriad of recent political events, including the 2016 U.S. Election. It’s estimated that at least 87 million individuals were influenced by the Cambridge Analytica‘s targeted ads on social media. That’s 26% of the total voting population, potentially enough to influence the outcome of an election. By profiling every voter, Cambridge Analytica was able to identify individuals who could be influenced to vote for a certain candidate, and then come up with a customized targeting plan to act on these vulnerabilities. Brittany Kaiser’s book “Targeted” and the Netflix documentary “The Great Hack” dive deeper into this event.
So how do we ensure we’re using data ethically at LivNao?
Anytime we consider different applications of user data, we ask our team to always take a step back and ask themselves…
Does the use of that data follow LivNao’s mission?-> Making the world a happier, healthier & more productive place
If not, then the idea is scrapped…
2. Transparency – Informed Consent
Consumers are more willing to share their data when they know a company can help them understand how their data is being used…– David Rogers (Columbia)
Once we’ve determined that the use of data is ethical, the obvious next step is to obtain the data. Going back to customer trust being critical to our success, we believe that asking for permission is always better than asking for forgiveness. Our design guidelines & methodology is to bake transparency into our product designs from the start. What this means, is informing our users about what data we use, how it’s used, and how we make sure we’re protecting their data. This is reflected in the onboarding stage of our first product.
3. HIPAA & GDPR Compliance:
HIPAA & GDPR are great starting points for a trustworthy & secure data ecosystem
HIPAA (Health Insurance Portability Act of America) is a set of guidelines that were created to protect sensitive information such as PHI (Patient Health Information).
We’ll be writing a separate blog post about how LivNao complies with HIPAA best practices, however for the purpose of this article, here are the core components of HIPAA (which LivNao has invested heavily into from the beginning are):
- Ensuring confidentiality, integrity & availability of data (i.e. AES-256 encryption)
- Protecting data against reasonably-anticipated threats to security or integrity (i.e. only granting access to those who absolutely need it)
- Protecting data against reasonably-anticipated, non-permitted disclosures or usage (i.e. automatically logging users off after a period of inactivity)
- Ensuring compliance by our workforce (i.e. regular training & audits)
GDPR (General Data Protection Regulation) is a new law enacted by the EU that went into effect in May 2019 designed to help users better control how their data is used, and who has access to it. Again, we’ll be making a separate post about how we comply with GDPR guidelines soon!
Data or Security Questions?
We’re always happy to chat about how we use & protect your data. Get in touch with our data officer anytime at firstname.lastname@example.org.
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request the address above.