Someone asked me:
[Sure, the customers love it if you design for privacy. But customer relations management and the like almost require collecting data on your customers. So what are the business reasons for caring so much about customer privacy that you make it hard to link databases and avoid holding “dangerous” amounts of data on your clients?]
Economics, major security benefits, complying with the law, and making sure your creation isn’t used for evil.
In the short term, because becoming a data-slurping monster may cost more than it’s worth for small and medium-sized businesses. The more kinds of data you collect, the more you have to analyze it, and the more you have to buy or build systems to do the analysis. Once the analysis is done, you have to figure out how to incorporate the results back into the business so the data is doing something commercially useful. All of a sudden a simple business (buy supplies, make cookies, sell them, pay taxes) has become very complex (if we change our logo color does that affect the marginal profit on each pound of flour?) and correspondingly less efficient (crap, the new servers went down | need an upgrade).
Longer term, designing for privacy carries serious security benefits. Nobody can steal data you don’t have, and minimizing complex data-processing infrastructure means you minimize the vulnerabilities that come with it. (The less you use SQL, the less likely you are to get taken from behind by an SQL injection.)
Less obviously, the less information you have on your customers, and the less compromising it is, the safer you are from high-level attackers. As a fairly innocuous business, you want to avoid getting attacked by the people and tools used against e.g aerospace firms. As these high-profile targets get harder, attackers have shifted to penetrating the small, innocuous firms that do business with them. The attackers want information on those small firms’ big-name customers, and perhaps an unsecured route into said customers’ systems.
The law may also require you to follow some or all of these measures, regardless of who you are. The original linked blog post was written for companies in the EU — by GDP the largest market in the world — who are subject to the EU’s privacy and data protection laws. If you’re not currently required to implement such measures, you may be planning to expand into a market where you would have to do that. If you design your business so you don’t have to change much in order to operate anywhere in the world, that gives you flexibility your competition probably lacks.
Those are the business reasons. What about the ethical ones? As a company founder or systems architect you probably don’t want to see your work used to abuse people’s rights. Maybe you can keep your hand on the rudder for the moment, but acquisitions and hostile takeovers by really evil companies happen all the time. Simply going public may have the same effect, just look at what happened to “don’t be evil” after Google IPO’ed. Design for privacy makes it as hard as possible for someone to use your creation in ways you never intended.