This is the third in a series of columns exploring health information technology (HIT) in the neonatal intensive care unit (NICU). The first column provided background information on the implementation of information technology throughout the health care delivery system, as well as the requisite informatics competencies needed for nurses to fully engage in the digital era of health care. The second column focused on information and resources to master basic computer competencies described by the TIGER initiative (Technology Informatics Guiding Education Reform) as learning about computers, computer networks, and the transfer of data.1 This column will provide additional information related to basic computer competencies, focusing on communication and collaboration technologies. Computers and the Internet have transformed the way we communicate and collaborate. Electronic communication is the ability to exchange information through the use of computer equipment and software.2 Broadly defined, any technology that facilitates linking one or more individuals together is a collaborative tool. Collaboration using technology encompasses an extensive range of applications that enable groups of individuals to work together including e-mail, instant messaging (IM ), and several web applications collectively referred to as Web 2.0 technologies. The term Web 2.0 refers to web applications where users interact and collaborate with each other in a collective exchange of ideas generating content in a virtual community. Examples of Web 2.0 technologies include social networking sites, blogs, wikis, video sharing sites, and mashups. Many organizations are developing collaborative strategies and tools for employees to connect and interact using web-based social media technologies.3.

In several countries, the right to internet access has been made law. Some countries are required to work to ensure broad access and are prevented from unreasonably restricting citizens’ access to the internet.

The United Nations has declared internet access a human right, and as the VP of marketing at a company that offers a consent management platform, I believe classifying internet access as a human right means a lot more than just enabling people to watch TikToks.

It would not seem like a huge leap of logic, then, to assert that if accessing the internet is a human right, then determining how we use the internet should be as well. 

Whose Data Is It, Anyway?

For internet-based companies, it’s largely been a free-for-all. Plenty of companies have grown massive — in revenues and influence — from hoovering up internet users’ data unopposed. Much of what internet users do online is tracked, because the greater the volume and detail of our data, the more it’s generally worth.

Online, everything is magnified. The internet as a communications platform allows companies to reach far more people than they could in analog ways. As a commerce platform, it gives us access to an entire planet’s worth of potential customers. And as a data source, the volume of data and opportunities for use it provides are nearly limitless. 

Until quite recently, companies have been able to do almost whatever they like to collect our data online, regardless of site, platform or activity. Rarely did consumers have to consent to this or even know it was happening. 

That is changing. People are getting savvier about how they are tracked online, by whom and for what purposes. We are also exerting our right to consent — or not — to the collection, storage, use and sale of our data. Having one’s identity and activities mined like diamonds, and potentially stolen, is no longer just the price to be paid for being active online.

Current Legislation

Now, consumers’ rights to data privacy are still inconsistent. People in the European Union can opt in to allow companies to process their data, whereas consumers in California have to request to opt out, which means they're unable to prevent the data collection by default. 

The United States also does not have a comprehensive federal data privacy law, so the proposal and adoption of laws is largely progressing on a state-by-state basis at this point. This is a potential compliance nightmare for companies.

However, to not enact data privacy measures is to risk potentially ruinous fines, public relations disasters and loss of customers’ trust — especially if a company is the victim of a data breach or other violation.

Consequences For Bad Behavior

This has been perhaps the only major catalyst that has encouraged companies to mitigate the disproportionate effects of being cavalier with customers’ data. A company may suffer some temporary reputational damage and unwanted media attention, but news cycles move fast and such things are often quickly forgotten.

But they're not forgotten by the customers left to clean up the mess, re-secure their own accounts, disprove fraud or fight possible identity theft through no fault of their own. 

Hearteningly, requiring consent management online is becoming more mainstream. Companies are starting to accept that it should be done.

Growing Value Of Data Privacy

Consent as a competitive advantage is still a new idea. It’s still a tough sell to a lot of companies. After all, how could collecting less data be beneficial? Why should consumers have all the power regarding data access when they don’t even understand their own online data trails?

Minds are starting to change, however. Getting users’ consent up front and explaining how you'll use their data can build trust. This can increase credibility, which can drive engagement. That grows relationships, which can lead to recurring and increasing revenue. 

Consent-based data can be more useful because you have explained what you want to collect and what it will be used for at each step, and the consumer has said yes. The key to getting this buy-in is that the consumer sees the request as being in their interest. 

McKinsey recently conducted a consumer survey about attitudes toward privacy and data collection. They note that “consumers are becoming increasingly intentional about what types of data they share — and with whom. They are far more likely to share personal data that are a necessary part of their interactions with organizations.”  

McKinsey's research suggests that what consumers are comfortable sharing and with whom is tied to the industry the company is in (e.g., they're most comfortable sharing information with companies in healthcare and financial services). However, no industry had even a 50% trust rating for data protection.

Ensuring full compliance with relevant data privacy laws is complicated, but there are ways that companies can get started now. Start at home with a data audit. Understand what data your company collects, from whom and under what circumstances, as well as how it’s stored, used and shared. 

From there, become familiar with relevant privacy laws where you do business and how they affect you. It’s unlikely to be as simple as just complying with current local and state laws. So aim for the most comprehensive compliance you can to avoid playing whack-a-mole as new laws are passed. That said, compliance isn’t a one-and-done endeavor. The process of keeping abreast of legislation and new laws will be ongoing.

Most importantly, always keep your customers in mind. Ask, “Do we need to collect this specific information?” when doing the privacy audit. Ensure your website’s cookie banner is clear and easy to use. Make communications channels for customers with privacy requests easily accessible. Taking smaller but concrete steps now can make compliance less daunting.

This is how companies can set themselves apart. It's how they can become trusted sources of products, services and information. This is why I believe looking at data privacy as a human right is not just some quirk of 21st-century democracy.

It’s also good business.