To conduct business and cater to customers, companies have always collected data. Back when companies secured data in locked filing cabinets, issues surrounding data privacy were much less complicated.
In today's digital environment where breaches are a reality, proper storage of personal data has become paramount.
National Data Privacy Day (January 28) stems from a similar celebration in Europe started in January 1981. The U.S. recognition day began in 2008 to spread awareness of data privacy.
Data Privacy Becoming Increasingly Important
As digital connectedness continues to increase exponentially, so will the need for diligent due practices surrounding data privacy, believes Louise Thorpe, chief privacy officer at American Express. Thorpe leads the company's global teams that oversee the risks related to privacy, information security, records management and information technology.
"While data privacy has always been important, 10 to 15 years ago the topic wasn't at the center of company conversations and initiatives like it is today," says Thorpe.
Thorpe attributes the urgency in part to the dramatic proliferation of technology, including the use of smartphones and apps and other data-driven services that require personal data.
For Tod Colbert, president of the home remodeling company Weather Tight Corporation, the need to safeguard personal data has increased tremendously since their company opened in 1986.
"Back then, we just had to ensure that our physical space was secure and that we had backups of pertinent files off-site," he says.
"Nowadays," he continues, "we have to worry about spammers and other nefarious actors exploiting vulnerabilities everywhere. From our online systems to payment sites to email—each step of the way has someone trying to crack the code."
Importance of Protecting Data
Thanks to the digital revolution, access to the internet and social sharing, today's ultra-savvy consumers expect and even demand digital privacy.
"In theory, it takes a company multiple interactions to build trust with customers, but just one negatively perceived interaction to lose that trust," says Thorpe. "In this digital age, where many businesses interact online with customers, trust plays an even more integral role as protecting digital data becomes central to the success of a business."
Data privacy is more relevant today with SaaS (software as a service) platforms, notes Khaled Assali, vice president of product management for Tuangru, a next-generation data center infrastructure management software provider.
"Just recently, a large social media platform was sued over a data scandal, and the fallout cost the company thousands of dollars," says Assali. "We're not far from the day when companies that fail to protect their data or their customers' data can go bankrupt very quickly if they don't take the appropriate measures to protect personal data."
Steps to Ensure Data Privacy
Given how vital data protection is to your company, it's important to take the necessary steps to protect customer data. These seven guidelines can help you safeguard sensitive information.
1. Limit and protect the information you collect on customers.
"The 'juicier' the information in your systems, the larger the target is on your company's back," says Colbert.
"With that in mind, opt for providing a login username and unique password, as opposed to using social security numbers, phone numbers, addresses, email, driver's license numbers and so on," he says. "If information isn't needed, don't collect it for the sake of collecting it."
2. Use state-of-the-art encryption methods.
"Employ sophisticated encryption methods for all sensitive data," says Vladislav Ginzburg, vice president and head of business development at Blockparty, a ticketing company focusing on data privacy.
"Avoid using low-encryption cloud software," says Ginzburg. "Instead, use a decentralized database with SHA 256-bit encryption."
In this digital age, where many businesses interact online with customers, trust plays an even more integral role as protecting digital data becomes central to the success of a business.
—Louise Thorpe, chief privacy officer, American Express
3. Focus on building trust for the long-term.
"Protecting customer data comes down to trust," says Thorpe. "A company's actions build that feeling of trust, which can only be developed over time. Longer term relationships are built on multiple successful transactions.
"Trust is also reciprocal," she continues. "For instance, a company extends its trust to customers by offering something, such as credit or friendly warranties and extended service programs. Invest in customers and show that your company is in it for the long haul."
4. Be transparent regarding data privacy.
During the various touch points along a customer's journey, ensure that your company is upfront and clear about the data you require and why, advises Thorpe.
"Whatever the required privacy disclosure for your industry, make sure that it's up front and center for your customers," she says. "Also ensure that the policy is clear, and that it takes into consideration the diversity of your customer base."
When publicizing your privacy policy, make it clear that you don't share customer information, advises Colbert.
"Most privacy policies are full of legalese, so it's nice to also reassure customers with a simple statement."
5. Make it convenient for your customers.
Focus on omnichannel when it comes to informing your customers of your company's data privacy policies, advises Thorpe.
"Provide the full privacy policy on initial contact and then in easy-to-access summarized versions during various touch points," she says. "For instance, have telephone customer service personnel share a brief summary and include a FAQs section on your website."
6. Train employees regarding data privacy.
While privacy is an important part of all businesses, it's vital in the healthcare field, according to Andre Saad, a physician with The Woman's Health Pavilion.
"Health information is intimate and personal, which is why HIPAA (Health Insurance Portability and Accountability Act) violations can trigger severe civil or criminal penalties," he says. "Because of that, we train all new employees regarding HIPAA and data privacy. This includes the need to inventory and account for all portable technology devices at the start and end of shifts."
For some companies, portable devices include cell phones, notes Colbert.
"Many employees desire mobile accessibility, but this can make data vulnerable," he says. "This is particularly true in the case of remote logins. It's vital that employees know the risks and protect against them."
7. Update data protection programs as instructed
"Always update your data protection programs when they say they have an update that's ready to install," says Colbert. "If they're saying to update the product, it's for a good reason."
Read more articles on cybersecurity.
Photo: Getty Images