Imagine, to your horror, your consumer-facing business gets caught in a nasty Twitter-Storm of people who want to delete their accounts. A fast-spreading rumor spreads with a hashtag like #DeleteYourCompany. People are responding with anger and outrage. The rumor may or may not be true, but people don’t care. They want to delete their accounts, and they want to do it now!
But it isn’t working, which makes things worse.
Your company needs to formulate a clear, trustworthy response, and your leadership team is occupied in putting out this public relations fire. At the same time, your engineering department is overwhelmed. Some of your customers are heeding the call to delete their accounts. Not only does your policy promise that they can unsubscribe at any time, some laws may require you to offer account deletion. They can delete their accounts by sending an email with the request, but the task isn’t automated.
Your business has information about customers in a number of different places, such as the customer relationship management tool, the email list, the database with the account itself, and perhaps any files with data the user has stored. Your engineers are busy trying to compile all this information. Even just for the database alone, they need to understand the dependencies between the data tables and to make sure that deletion doesn’t lead to cascading failures. On a normal day, a single deletion request could be handled in an hour or so.
Now your company is getting hundreds maybe thousands of requests, and your engineers are busy responding to them one by one. The volume of requests is clearly not amenable to an ad-hoc process. In the meantime, some engineers are working to build an automated deletion feature, which takes time away from responding to the deletions. There is a backlog of deletion requests. It takes days to respond to each request, but this only adds fuel to the flames of bad publicity. Now people believe that you are deliberating ignoring their request to delete their accounts. An article appears in the New York Times about the malfeasance and you are threatened with lawsuits.
It could happen to you
Is this unrealistic? It happened in 2017, to Uber. In the early days of the Trump presidency, people were accusing Uber of trying to profit from an immigration ban, and nightmare described above unfolded. While Uber leadership was trying clarify the company’s intentions, that didn’t stop the #deleteUber hashtag. In the meantime, there was a 10% drop in rides on that weekend, with users switching to the competitor (and in many cases, staying with the competitor). With a load of requests to delete Uber accounts, engineers working over the weekend, and people began accusing Uber of not letting them delete their accounts.
Uber already had a decent market share, and strong investors. The company was able to survive this (and other) public relations disasters. But it did lose revenue and customers. For your company a similar event would likely be painful. It could cost you revenue, do long-term reputational harm, or lead to the failure of your business.
In my research with startups doing smartphone app development, I found that small companies know they need to build features like deleting accounts and other privacy options. However, they struggled to prioritize it when other features would directly help their growth. Helping users delete their accounts feels like the opposite of what the company is trying to achieve, and so, like Uber, it doesn’t get prioritized.
Three Steps to Prevent this Disaster
You can prevent such a disaster, and prepare your company to align with existing and upcoming privacy laws. The steps below will benefit your company in multiple ways.
- Do a data inventory of all the user data. Check with all your departments. Does marketing have a customer relationship management tool (or several)? Does finance have a database? Where is all the user data that fuels the customer experience? Survey all your departments and make sure you understand what data you have, where it is, and how it flows
- As part of the data inventory, assess how to automate deletion and exporting wherever user data is stored. For example, is there an API that allows you to unsubscribe users from the company newsletter, or does an employee need to click through it by hand? Do you have machine learning pipelines that take and transform user data? If a user deletes their account, will machine learning models still be providing decisions based on their data? How long will it take to rebuild those models?
- Assess the cost and benefit of keeping that data. I personally love pre-mortems as a way to assess risk. By imagining a situation such as #deleteYourCompany, decisions makers can uncover fail points before they occur. This can give you more information on how long it will take to build automated delete functionality, and how it weighs against other features your company may want
- Automate functionality to allow users to export their data, and delete their data. There will be engineering economies of scale to do both at the same time. By providing an export function, you are not only complying with privacy regulations like GDPR. You are also providing users who delete their accounts with a way back to you. They can export and store their account, and when they trust you again, it will be easier for them to come back.
For most companies, doing the data inventory is the hardest part. It requires coordination and political willpower across multiple functions. Multiple departments need to understand what information is helpful. In this case, you likely need a champion who can discuss the issue in the languages of all the different departments. If you don’t already have someone in your company with the skills, privacy engineers and consultants have expertise in building data inventories, and assessing the risk and benefits of data.
A data inventory will provide long-term benefits in complying with privacy regulations as your company grows. It will help your business provide many user-centric privacy features, and help you assess the cost and benefits of the data you have and collect.
Once you have done the first two steps, the engineering work will be much easier. Even if you don’t build the user interface yet, you’ve already set your engineering team up to deal with a similar crisis by automating deletion. In the meantime, you’ve taken steps to comply with privacy laws and provide the privacy features your users will love. It is a win-win situation for leadership, engineering, and your customers.
Where to learn more
- What You Need to Know About #DeleteUber By Mike Isaac New York Times 2017–01–13 https://www.nytimes.com/2017/01/31/business/delete-uber.html
- The numbers are in, and #DeleteUber worked — in Lyft’s favor By Abha Bhattarai Washington Post March 14, 2017 https://www.washingtonpost.com/news/business/wp/2017/03/14/the-numbers-are-in-and-deleteuber-worked-in-lyfts-favor/
- The Privacy and Security Behaviors of Smartphone App Developers: Balebako, R., Marsh, A., Lin, J., Hong, J., Cranor, L. NDSS Workshop 2014 Usable Security Experiments (USEC)
- Data Inventory: what it is and why you need it: From Data Privacy by Nishant Bhajaria https://medium.datadriveninvestor.com/data-inventory-what-it-is-and-why-you-need-it-7d738b8caee6
- Performing a project Premortem by Gary Klein, September 2007, Harvard Business Review, https://hbr.org/2007/09/performing-a-project-premortem