Respecting Privacy
Trust Issues
Are you concerned about how companies use your personal information? According to the Pew Research Center, 79% of U.S. adults report being concerned about their data, too. Major data breaches occur too often, and most of those never reach the paper.
In the Information Age, consumer confidence is a valuable commodity. If a data breach occurs, the customer will have to do considerable work to minimize their exposure to identity theft. If credit card information was stolen, the customer must call their credit union or bank to issue new cards. A data breach in today's Software as a Service (SaaS) model means the customer must update account information for all subscribed services like Netflix, HelloFresh, GoDaddy, Shopify, Apple Pay, and Google Pay - a real pain. Customers might choose never to do business again with that company again.
If Social Security numbers (SSN) are stolen in the breach, that's a whole new level of frustration for a customer. Hackers can use your SSN to apply for credit and loans, take over to bank accounts, file phony tax returns, and unemployment claims. First, the customer must phone the local police and the Social Security Administration to inform them of the breach. The customer may have to subscribe to identity protection services such as LifeLock and carefully monitor their credit report for years to come. If the damage is too severe, the customer may have to get a new SSN and update all documents and services such as driver’s licenses, passports, bank accounts, and so on. Guaranteed, the customer is going to have something to say about your company moving forward.
Keep It Safe
If you seek to inspire trust with your customers, you need to implement a formal data protection policy to spell out exactly how you'll collect, store, and share personal information. Defining what you mean by "privacy" is a must. If your business strategy is to build long-term B2C relationships, communicating your commitment to information security will go a long way to instill trust.
For instance, your data protection policy should include your commitment to the fair and lawful collection of data, your method of updating data, and how customers will be protected from possible breaches. Your policy should outline the accessibility of data within your organization. Namely, what types of information will be accessible to which roles.
Shred the Gnar
The policy should also address the way information is handled in the office. Define what information can be shared internally among co-workers and what can't. If a paper copy with sensitive information is generated, how is it to be handled? Having a shred bin accessible in the office can go a long way to reduce the liability of paper documents. An old adage within the document destruction industry is "when in doubt, shred it."
...But, I Won't Do That
Your data protection policy should also clearly define what you won't do with the information your business collects. It should also include whether you will share data outside of your business, how long data will be stored, what your intentions are on the use of collected data.
Be Out In Front
Data protection is an issue all businesses will eventually have to address. Having a proactive plan in place before a breach occurs will go a long way in reassuring your customers that they can trust your business for years to come.