WhatsApp Controversy Highlights the Importance of Data Privacy

If you think customers aren’t concerned about what you do with your data, the recent WhatsApp controversy should make you think again. 

When the popular messaging app announced changes to its privacy policy that eliminated the ability to opt-out of sharing data with its parent company, Facebook, thousands of users jumped ship. 

Data such as address books, phone numbers, photos, and the contents of some messages will be automatically shared with Facebook after the policy goes into effect, which was supposed to happen on February 8. 

The company pushed the date back to May 15 to give users more time to understand the new policy. Rather than trying to understand it, though, many users have closed their accounts.

Six data privacy mistakes that apply to your business

If you own a business that operates online to any extent, the controversy surrounding WhatsApp’s new policy should concern you. Here are six things to watch out for to ensure that you don’t lose customers because of data privacy concerns:

1 – Having insufficient data security measures 

If your company collects personal data, that data must be properly secured. All too often, businesses rely on apps that have inherent security vulnerabilities, or they fail to implement measures that shield personal data. 

Any time you must transmit customers’ personal data, the data must be encrypted and otherwise secured. Otherwise, the information becomes vulnerable to hackers and is basically available to the entire internet. It’s crucial to invest in effective data transfer security protocols like SSL encryption, or you could run afoul of data privacy regulations and end up in hot water.

In addition, your business should also utilize a system that continuously analyzes your systems and applications while they are running. According to Cloud Defense, this is one of the most effective strategies for detecting data breaches early and for auto enforcing your code security and compliance policies.  

2 – Collecting and storing too much data 

Businesses should only collect and store information that they absolutely need. In other words, you can’t just collect data for the sake of collecting it, and you must dispose of it once you no longer need it.

Your company should have clear policies in place regarding who can access customer data. When such data must be used, only those who will directly use it should be able to access it. In other words, you can’t let employees pull customer data at random or as needed.

Data privacy regulations stipulate that companies must have specific processes for deleting or anonymizing customer data. Merely promising to delete a customer’s information isn’t enough. You must have a written procedure in place for doing so, and it should be followed to the letter every time.

3 – Failing to respond properly to data breaches 

Given that most retail organizations are vulnerable to data breaches, it’s one issue that no company can afford to ignore. In fact, as we’ll discuss in a bit, data privacy regulations require companies to inform customers in a timely manner when data breaches occur. Therefore, your company should have a policy for potential data breaches, and it should follow that policy precisely if one occurs.

Another effective strategy to detect data breaches is to have your customers inform you. This is why you should always have a customer support system featured prominently on your website. This makes it very easy for customers to alert your security teams to their questions and concerns, including if they have reason to believe that their data has been put at risk. 

4 – Not being transparent about your data collection practices 

To remain in compliance with data privacy regulations and avoid problems like the WhatsApp controversy, your company should clearly outline how it collects customer data – and how it uses it. 

You should be prepared to demonstrate how you protect customer data as well, this information should be included in your company’s privacy policy, and that policy should be publicly available and easy to obtain. Further, you should be able to produce this policy as needed upon request.

5 – Sharing data with third parties 

Unless you have a customer’s express consent, you should never share their personal data with third parties. This is the crux of the WhatsApp issue, of course – the company’s new privacy policy eliminates the ability to opt-out of sharing data with Facebook, which many would consider being a third party. Since Facebook owns WhatsApp, however, there’s a bit of a loophole.

6 – Not keeping up with data privacy laws

Finally, data privacy rules and technologies change constantly, so it’s important to revisit your company’s data policy regularly to ensure that it’s still relevant. The best way to do this is by scheduling regular reviews of your policy. By doing so, you can update the policy promptly as conditions change, demonstrating to your customers that their privacy matters.

Regulations like the EU’s General Data Protection Regulation, or GDPR, PIPEDA, and California’s California Consumer Protection Act, or CCPA, require companies to be transparent about how they use the data they collect. These regulations apply to virtually all businesses, so you should educate yourself about them to ensure compliance.

However, the specific rules and regulations can vary depending on the legislation. The GDPR, for instance, applies to companies who process the data of EU citizens and imposes severe fines of either 20 million Euros or 4% of a company’s global turnover for failing to be in compliance. 

Requirements of the GDPR include anonymizing collected customer data, notifying customers of any data breaches affecting their data within 72 hours, and gaining the consent of customers to collect their data in the first place.

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), most recently updated in the spring of 2019, imposes much smaller fines of CAD $100,000 for failing to be in compliance with the Office of the Privacy Commissioner. The law applies to any Canadian private sector businesses and to organizations that transfer information across Canada’s borders. 

Next steps

If you’re feeling overwhelmed by the information above, you’re not alone. Many businesses struggle to make sense of today’s data privacy regulations. Get a handle on things by first determining which regulations apply to your business. 

Next, establish a clear privacy policy and related procedures for handling future data breaches. Schedule regular internal audits to ensure that the policy is still effective and protecting your customers. Maintain detailed compliance records in case your company is ever accused of violating customer privacy. Finally, consider assigning one person at your business to be in charge of data privacy issues.

The controversy surrounding WhatsApp’s new privacy policy should pique the interest of all business owners. If a company as big and powerful as WhatsApp can stumble like this, any business can. Regardless of the size or nature of your business, then, it’s crucial to make data privacy a top priority. The right technologies can help, so start investing in them today.

Did you enjoy reading this article? Don’t forget to like our page on Facebook and follow us on Twitter!