Whose (usage) data is it, anyway?

Around the world, business customers now demand business-to-business (B2B) SaaS companies safeguard their usage data. More importantly, they want to know how SaaS companies use that type of data.

Unlike personal data, usage data is generated any time business customers use a B2B SaaS product. That’s the beauty and fear of the benefits of using SaaS. Take for example, a user’s interactions with the services. SaaS providers use that information to enhance their product as a service, thereby better serving their business customers. On the flipside, patterns that emerge from a company’s usage data might reveal where a company is focusing its efforts and what types of insights they’re trying to obtain and may even indicate the future strategy of the company.

Given how often organizations such as Facebook have been called out for privacy policies, it’s no surprise that consumers are more concerned with how companies access and use their data. In a recent consumer sentiment survey on technology and data privacy conducted by Propeller Insights, 73 percent of respondents said they feel more data policy and regulation is needed. Only 6 percent said we need less, and the remaining 21 percent said we have enough data policy and regulation.

Consumer demands are influencing business demands

This push for privacy is bubbling up to the B2B world and causing many businesses to demand the same kind of privacy protections for services such as SaaS solutions and other B2B platforms. Unfortunately, those expectations don’t translate well from the consumer world to the B2B world.

Consider this: Should a business have the same privacy protections as a private user? Even trickier, should individual employees using third-party vendor services on a corporate network have the same privacy protections as they do when acting as private citizens on their home networks?

At first glance, it might seem wise to err on the side of privacy. After all, why not afford maximum protection to B2B user data?

Here’s why: The companies that provide those B2B services need the ability to collect certain data, for many reasons. For example, if you can’t track IP addresses, how can you safeguard your customers’ data or shut down application attacks? If you can’t connect personally identifiable data to a business customer’s account, how can you provide the best possible service when that customer needs support? B2B providers typically collect usage data to improve their product, for example, to track bugs or retire features that no one is using. Who should own and control that data?

Businesses that store their own customer data on the servers of other companies, such as Salesforce or Oracle, have a vested interest in those partners protecting data with the highest levels of security. However, privacy and security don’t always go hand in hand.

Ultimately, these trends are making it harder, and much more expensive, for B2B companies to do business in a multinational, pro-privacy environment. But companies can’t walk away from the problem. In fact, the ones that can effectively manage myriad regulations and customer requests will have a competitive advantage.

One way that B2B companies are addressing these complications is to carefully locate certain roles and functions in jurisdictions based on local regulations. For example, if the privacy regulations are too restrictive in a certain country, it may not make sense to place support agents there. In reality, some companies might find that customers are asking them to enact strict protections that go even further than local law.

Unfortunately, there isn’t a clear playbook for B2B companies grappling with these questions. As business customers increasingly scrutinize vendor contracts, many companies are no doubt taking a case-by-case approach. It’s a complex process that requires legal, security, and privacy experts to weigh in. But until laws and norms catch up with technology, a case-by-case approach might be the only way forward.