Create a Privacy Protection Program
Businesses today frequently collect personal data from clients and potential customers. Because this data allows businesses to perform services and gain greater insights about their clients, personal information has become a common commodity in most offices.
However, with the collection of this data comes a great deal of responsibility. Recent data and credit card breaches at Target, Home Depot and JP Morgan Chase prove that even large and world-renowned companies are in danger of exposing their valued customers to fraud and identity theft.
In fact, recent government conversations among bipartisan leadership have broached the subject of identity theft and fraud, leading many to question how customers can be better protected from hackers half a world away who are able to access unknown quantities of information with just a few keystrokes.
Part of the solution is for businesses to take client protection into their own hands. These are some tips for businesses to improve their online privacy practices:
Be aware of the amount and type of personal information collected. Many businesses know that they should be better protecting their customers' data, but they are unaware of just how much and what type of information they are responsible for handling. Most businesses are privy to data that includes the date and time of an individual's visit, the type of services that person is using and the monetary amount of a transaction; this is not considered personal data because it does not point specifically at one individual.
However, any data that can be used to locate or contact a specific person, such as a social security number, address, email or telephone number, is considered sensitive personal data that could be used in fraud or identity theft (social engineering). Businesses need to be able to sort this sensitive data and keep it protected, but they cannot do this if they are unaware of what data is at their disposal. Working with a lawyer who can thoroughly understand and explain the businesses' obligations to their customers will help get this rolling.
Create a privacy program to protect customers. Many businesses assume that they can look at another business's privacy program and just apply it to their own situations. However, this cookie-cutter approach is anything but comprehensive. With specialty services and specialty data collection, privacy policies must be custom-made for each company. Businesses that are serious about offering good privacy practices to their customers must consult with an expert who is trained and prepared to tailor a program specifically for those businesses.
A good privacy program must encompass a business's entire list of activities.
When companies fail to accurately account for their customers' privacy needs, they put their clients at serious risk, and they open themselves to potentially devastating litigation.
Conduct routine mini-audits. Investing in online privacy practices is an expensive and time-consuming endeavor. Even with a solid privacy plan in place, the success of the endeavor cannot be measured without routine audits. These will determine how well the privacy plan is working as well as where improvements can be made.
To be most effective, these mini-audits are best conducted every 6-8 weeks to assess the ongoing progress of the security and to decide where the next initiatives should be focused. In addition, these audits can locate areas that are unnecessary and are costing the businesses too much money. With quick and decisive action after these routine checks, the businesses' privacy policies will be kept at their most effective.
Have a legal team and process in place. The companies that have weathered the storm of a data breach hoped never to face such a potentially devastating situation. However, these large corporations were fortunate in that they had a legal process and legal team in place that was ready to step in and respond to privacy-related issues as soon as they arose. Even small businesses must be prepared in case the unthinkable occurs and they experience the loss of their customers' personal data. Having a prepared method for handling such an emergency and a team that is knowledgeable in its application could save a business in a moment of crisis.
Although many businesses like to think that they are immune to the potential for a data breach and the loss of their customers' personal data, hiding their heads in the sand is not in their best interests. Putting some privacy practices into place before a disaster occurs is these businesses' best line of defense.