What a Strava palaver

Tom Gillingham

Strava’s Global Heatmap is something to behold – every single route logged by its users, overlaid onto a world map. Usually data dumps of this scale are a result of a hack, but despite the positive intentions this ‘big reveal’ set alarm bells ringing in military institutions around the world as the routes recorded clearly signpost ‘secret’ bases in various sensitive locations.

It’s a PR coup for Strava, and a fantastic example of using existing data to create visual content that leads to great media coverage. But it is also a massive warning flag for companies of all sizes as it demonstrates the significant power third parties have, to make news stories out of our data.

In 2018, businesses need to face up to the reality that their employees are haemorrhaging data to third parties. While some of the wilder claims about data being the ‘new oil’ are yet to be substantiated, there are still compelling reasons to guard data like a valuable commodity.

The Strava data dump primarily caused concern amongst institutions which have covert operations, but the unseen trails we all leave in our day to day lives could create a crisis regardless of sector. It is also a timely reminder of the many ways this data can make its way into the public domain.

Most of the data third parties harvest is fairly benign – like Spotify using your listening habits to suggest songs you might like – but there is still significant potential for reputational challenges. Our phones already know where we live and work (check your iPhone) and fitness trackers know how much sleep we get. It’s not hard to imagine the reputational damage if a porn site released the viewing habits of a very specific location into the public domain…

Many companies are only just getting to the point where they have effective policies in place to deal with errant tweeting or unfortunate Facebook posts, but this is a different communications challenge entirely. Most of us are simply unaware of the data we are giving to third parties, and have even less of an idea about how they might use it. Companies cannot afford to be in the same position.

A specific scenario like this is hard to plan for, but even having this sort of occurrence on a communications team’s radar as a potential reputational risk is a sensible starting point.

There will probably be some tough conversations going on at military bases around the world this week. However, for most non-military businesses, simply asking staff to consider the data they might be inadvertently sharing is more likely to reap positive rewards than a dressing down.