Guarding the Henhouse: Keeping Your Customers’ Data Secure
Every month or two, the news tells us about another big multinational corporation whose cache of customer information and data – sometimes including Social Security numbers, credit card info and other personal data – has been hacked or breached or in some way released to the web-o-sphere.
Reading this, we all think ‘what a shame,’ never pausing to wonder how many small or midsized companies have suffered the same misfortune without making the news. Like, maybe, yours?
The Internet, of course, has come to be recognized as an amazingly powerful tool which we can use to share and obtain vast amounts of information in nanoseconds.
But the problem is that this rapid exchange of ubiquitous information is not guaranteed to be safe from prying eyes and unscrupulous actors. So customers are increasingly wary of sharing their personal information over the Internet, and companies have to work overtime to set in place policies and procedures to guard that data … or lose the trust of their customers.
Guarding data privacy for your clients involves policies and procedures that ensure the legal and ethical collection of data and that govern how data is collected, how it is shared with third parties and how it is safely handled.
There are some proactive steps every company, of any size, should take.
- Know the laws and regulations. Most of the privacy and data protection laws in the USA stem from the federal government, since data easily crosses state lines. Some highly regulated industries have their own data privacy laws: HIPAA in the healthcare industry, the Gramm-Leach-Bliley Act of 1999 for finance and investing and many others.
Every business owner needs to know and understand the relevant privacy and data handling laws in their location. You might need to call in your legal department or outside counsel, but it’s worth it to spend the money to understand the laws.
- Have a formal data collection policy. Sometimes known as ‘the fine print,’ this policy should forthrightly state to your customers what data you may seek to collect, and what you will do with the data once you have it.
Marketing teams may only collect a name and email. Other corporate departments may need phone numbers and home addresses, especially if they deliver goods. Your credit department may need even more private data from customers. You may offer a downloadable app that customers can use to interact with your products and services.
Whatever you collect, you should have a legal document that explains in detail what you will do with that data, how you might share it with third parties, and what the customer can do to withhold, protect or retract any data they have submitted.
Those usually long, intensely legal documents are often presented in the “Read Our Terms and Conditions” documents rendered in tiny typeface, and have an “I have read and agree with these terms” button at the end. Most of us skip over reading all of it and just click and go. That’s fine, but it’s important to have these legal procedures in place, just in case a question arises in the future.
You can pay your lawyer now to create a boilerplate document (pretty cheap), or you can pay him later to defend a major lawsuit if your company’s data gets hacked (whoa, Nellie!).
- Guard against hackers. Have policies in place to protect private data, limit its sharing and access within your business, and regularly back up your data for safety.
Adopt a digital security program for your company. There are numerous companies and applications that work to protect your customers’ important data. This is needed on your internal and external networks, your servers and routers, all personal computers, laptops, mobile devices and cloud-based software. Tools include data encryption, siloed access and many more.
If this last part sounds overwhelming, give Fuel Media a call. Our web developers and security experts are familiar with the latest technologies in data security, and we can help provide some recommendations for your company.
Working together, we can help ensure your customers’ data is secure and your corporate brand is protected.