Wednesday, June 20, 2007

Is it ethical to track individual details through WA?

Another very interesting discussion thread on the Yahoo! Web Analytics discussion group. The question is:
Let's say the marketing department wanted to review the behavior of each and every user of an internal application in the banking domain. Would it be ethical to use Web Analytics to track this information?
Ethical concerns are very different when dealing with the general public or employees, especially if within the boundaries of internal corporate systems.

Web Analytics and system journalizing

Web analytics should not be used to track individuals, but rather to find actionable patterns that you can act upon. Just like in a statistics sampling, you don't have to use all the data, and you don't focus on an individual entry, but you can still come up with valid conclusions.

Journalizing (to record in a journal) goal is to track the actions of an individual person. This can be a perfectly valid scenario where "non repudiation" of an action is important (such as in financial transactions). This is usually done at the system level and is stored in secured databases, not using WA solutions. For internal systems, especially in financial institutions, it is best practice to monitor abnormal employee activities.

Is it ethical?

In the specific question above, the IT department because they are very likely to already have some kind of logging and monitoring in place... and probably it's something not widely publicized within the organization. Now, from a marketing perspective, I don't think it would be ethical to use that data in to track individual user actions. Would it be acceptable for marketing to read each employee email in the hope of understanding what everyone is doing? Obviously not. Is it acceptable to monitor email activities to filter or act on viruses, spam, adult oriented or confidential leaks received or sent by employees? Absolutely. It should be the same for the use of web sites and other systems: act on the exception, not the individual person.

For more information on this topic, read my previous post entitled "Protect you customers' privacy ethically, not legally".