Who owns your data and what can they do with it?


I hear an awful lot of people talking about “Who owns your data?” these days. It seems it’s a real discussion anywhere you go, and usually surrounding cloud software providers.

So, let’s dig in…

First of all, what is “data”?

Data consists of ALL your customer information—addresses, phone numbers, birthdays, financial transactions, detailed information on what was loaned on, how much was loaned, what was paid…everything.

Sales? Oh yes, EVERY item that has been sold, and to whom it was sold and for how much…

Everything you do (and I mean EVERYTHING) is recorded in your software. I mean, that’s why you made the decision to use software, right? To make things easier and to keep track of your business.

Who owns your data? The better question may be who can use and sell your data?

If you are a Data Age customer, and you use our on-premises version of PawnMaster, your data is right in your store, and NO ONE has access to it but you…

Simple, right? Yes, for on-premises solutions.

But not so fast for those using cloud platforms.

With a cloud provider, things get a bit more complicated.

Where is your data then? In the cloud?

Who has access? What are they legally allowed to do with it?

It gets pretty foggy, but actually it should all be spelled out in your End User License Agreement, or EULA.

Make sure you pay attention to the part that spells out what they are allowed to do with it!

Here are some facts.

If your data can be used or sold to anyone(!) then, by law, what are your liabilities?

Check your local state laws concerning consumer privacy. The year 2024 has huge implications here as many states are clamping down on consumer privacy. For example, in Florida as of July 2024, you are required to notify your customers that their information can be sold. If you don’t, you are liable for $50,000 per occurrence!

Florida law states: The FDBR creates obligations for organizations that are not otherwise deemed data controllers. Specifically, all for-profit entities that conduct business in Florida and collect personal data are prohibited from selling a consumer’s sensitive data without first obtaining the consumer’s consent. The FDBR grants the state Department of Legal Affairs the exclusive authority to enforce FDBR, and a violation of the FDBR is deemed an unfair and deceptive trade practice. The FDBR authorizes civil penalties of up to $50,000 per violation but does not create a private right of action.

Is your stomach turning yet?

Here’s the seriousness of this: whether or not you are aware of it, you may have inadvertently agreed to give your software provider access to your data, both customer and financial, with the simple click of a button: “I Agree”. If you aren’t sure, look at your End User License Agreement. It’s all there.

If you don’t have a separate agreement to keep your customer data private to your company (and if you do, why are there separate agreements?), you should seek legal advice as to your and your company’s exposure.

You have the right to expect honesty and transparency from the vendor that is providing the software that runs your business, and the right to expect they would not put you in harm’s way or use your data in a competitive way. Don’t be afraid to ask the hard questions; your livelihood may depend on it!