Google and Business Data Privacy

As just about everyone who reads the news knows, Google announced on Tuesday, January 24, 2012 that it would merge the data it collects from individual users across all of its properties starting March 1, 2012. Basically, Google will be able to better anticipate how to direct individual user activities to best serve their needs, building a grand database of all user activity and behaviors. The question that few are asking, though, is what the impact will be on businesses. That's where things get really complicated.

(Disclaimer: I've been a Gmail user for personal email since it was an invitation-only beta and have several friends and acquaintances who either currently work or previously worked for Google.)

Privacy advocates are rightly condemning the further degradation of our personal data barriers by way of cloud services. But, I often argue (to great debate in most cases) that those barriers were largely fanciful to begin with. We human beings are very social creatures and are like to divulge personal and sensitive information to complete strangers as a way to engage them and build trustworthy relationships. Our conversations often revolve around where we live, when we purchase property, how old our children are, where they go to school, when we travel, etc. While we're willing to divulge that information, we're unwilling to accept that it may be saved and aggregated for later use.

What Google is doing is combining its databases, uniquely identifying individual users in a way that's common across all Google interactions. When you're signed in to a Google property like Gmail or Google+, then Google will know who you are when you watch that funny talking dog video on YouTube or when you search for the next great piece of consumer electronics. It can then use that information to target ads to you that it thinks you would like. Click on one of those ads, and it will know that too. It's important to understand, though, that Google had all of that information already.

The difference now is that it will be able to attach it to an individual as a known user versus the individual as an anonymous but recognized user. It's not collecting anything more, just making it easier to put it together (something that they were probably already doing with a bit more effort, but that's a subject for another conversation).

I think that the biggest challenge for businesses revolves around the smartphones built on the Google Android operating system. That shiny new Samsung Galaxy NEXUS in my pocket (see, more personal information) essentially requires that I log in to my Gmail account to do anything of any use beyond answering calls and surfing the web. That sign-in allows me to purchase and download apps from the Android Market, use Google Maps and Navigation to guide me around town, synchronize my contacts to the Google cloud to make them available across my computers, etc. With the new privacy policy, though, that persistent state of "being Michael" will grant Google the opportunity to track all of my phone activities.

Like most business people, my phone is the ultimate linkage between my personal and professional lives. By signing into it, Google will now be able to better understand me as an IT professional versus just me as a casual user. It will be able to track where I go for business meetings (or just regularly go for work), when I will need to be there (by virtue of my calendar), what competitors I may be conducting research on while waiting in an office lobby, and what data I'm putting into Google Apps to support my business activities. Again, it already had that data, but now it knows who it belongs to. That's a very powerful position to be in (and one that should make businesses very nervous).

However, it's important to recognize that all is not lost. As I stated earlier, we tend to divulge information to people and organizations that we trust. Google may be able to use that information to "do evil" upon any individual, but after my nearly eight years of using Gmail, I haven't seen any indication that evil is coming. Also, businesses gain great benefits from embracing cloud services such as those that Google provides. Rather than scream about the sky falling (it's not), organizations should first conduct a risk assessment around what it means to do business in the cloud era. That's the first step towards understanding that cloud services have changed the way that businesses do business. It's time to innovate the business to prevent being left behind.

Businesses have options to protect themselves. Short of banning all smartphones (don't just assume that Apple or RIM are really doing anything different), businesses should first redefine their control boundaries and accept that device control is out of reach. Then, they can work with organizations like InfusionPoints to help them understand how relinquishing the fantasy of device control positions them to gain greater control over their sensitive data assets. Emerging technologies, such as corporate app stores and hardened smartphone operating systems, can also help organizations gain greater control over how employees conduct business activities and minimize data leakage.

If you would like to comment on this or any of my other postings, you may look for it on Google+ or on LinkedIn and comment there. This helps counter SPAM and promotes intelligent discourse over anonymous rantings.