If you think customers aren’t concerned about what you do with their data, the recent WhatsApp controversy should make you think again.
Data such as address books, phone numbers, photos, and the contents of some messages will be automatically shared with Facebook after the policy goes into effect, which was supposed to happen on February 8.
The company pushed the date back to May 15 to give users more time to understand the new policy. Rather than trying to understand it, though, many users have closed their accounts.
Six data privacy mistakes that apply to your business
If you own a business that operates online to any extent, the controversy surrounding WhatsApp’s new policy should concern you. Here are six things to watch out for to ensure that you don’t lose customers because of data privacy concerns:
1 – Having insufficient data security measures
If your company collects personal data, that data must be properly secured. All too often, businesses rely on apps that have inherent security vulnerabilities, or they fail to implement measures that shield personal data.
Any time you must transmit customers’ personal data, the data must be encrypted and otherwise secured. Otherwise, the information can be intercepted in transit and is effectively exposed to anyone on the network path. It’s crucial to invest in effective data transfer security protocols like TLS (still commonly called SSL) encryption, or you could run afoul of data privacy regulations and end up in hot water.
In addition, your business should also use a system that continuously monitors your systems and applications while they are running. According to Cloud Defense, this is one of the most effective strategies for detecting data breaches early and for automatically enforcing your code security and compliance policies.
2 – Collecting and storing too much data
Businesses should only collect and store information that they absolutely need. In other words, you can’t just collect data for the sake of collecting it, and you must dispose of it once you no longer need it.
Your company should have clear policies in place regarding who can access customer data. When such data must be used, only those who will directly use it should be able to access it. In other words, you can’t let employees pull customer data at random or at their own discretion.
Data privacy regulations stipulate that companies must have specific processes for deleting or anonymizing customer data. Merely promising to delete a customer’s information isn’t enough. You must have a written procedure in place for doing so, and it should be followed to the letter every time.
3 – Failing to respond properly to data breaches
Given that most retail organizations are vulnerable to data breaches, it’s one issue that no company can afford to ignore. In fact, as we’ll discuss in a bit, data privacy regulations require companies to inform customers in a timely manner when data breaches occur. Therefore, your company should have a policy for potential data breaches, and it should follow that policy precisely if one occurs.
Another effective strategy to detect data breaches is to have your customers inform you. This is why you should always have a customer support system featured prominently on your website. This makes it very easy for customers to alert your security teams to their questions and concerns, including if they have reason to believe that their data has been put at risk.
4 – Not being transparent about your data collection practices
To remain in compliance with data privacy regulations and avoid problems like the WhatsApp controversy, your company should clearly outline how it collects customer data – and how it uses it.
5 – Sharing data with third parties
6 – Not keeping up with data privacy laws
Finally, data privacy rules and technologies change constantly, so it’s important to revisit your company’s data policy regularly to ensure that it’s still relevant. The best way to do this is by scheduling regular reviews of your policy. By doing so, you can update the policy promptly as conditions change, demonstrating to your customers that their privacy matters.
Regulations like the EU’s General Data Protection Regulation (GDPR), Canada’s PIPEDA, and the California Consumer Protection Act (CCPA) require companies to be transparent about how they use the data they collect. These regulations apply to virtually all businesses, so you should educate yourself about them to ensure compliance.
However, the specific rules and regulations can vary depending on the legislation. The GDPR, for instance, applies to companies that process the data of EU citizens and imposes severe fines of either 20 million euros or 4% of a company’s global turnover for failing to be in compliance.
Requirements of the GDPR include anonymizing collected customer data, notifying customers of any data breaches affecting their data within 72 hours, and gaining the consent of customers to collect their data in the first place.
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), most recently updated in the spring of 2019, imposes much smaller fines of CAD $100,000 for failing to comply with the Office of the Privacy Commissioner. The law applies to any Canadian private-sector business and to organizations that transfer information across Canada’s borders.
If you’re feeling overwhelmed by the information above, you’re not alone. Many businesses struggle to make sense of today’s data privacy regulations. Get a handle on things by first determining which regulations apply to your business.