Serial Killers of Business #2

Posted on: June 18, 2018

Can you keep a secret? If you collect any information about your customers (and who doesn’t?), the answer better be yes.

Whether it’s a loose-lipped employee, a hacker’s thievery, or the offer of pure profit, losing control of customer data is one of the fastest ways to sink a previously thriving business, putting Data Breaches at #2 on our serial killers list. There are simply no excuses anymore. Even if you haven’t broken any laws, public sentiment will take you down fast.

It’s your responsibility to thwart hackers.
Those who hack to steal data are criminals. No argument there, but it doesn’t matter. You will still be blamed. Your only defence is keeping sensitive data in a rigorously controlled environment, with multiple layers of security. And in the mind of the public, all of their data is sensitive. So, ask yourself, what information do you really need? How long do you really need to keep it? Is having that information worth the risk? I suspect most of you are thinking “who would want the data I have?” Yes, you’re a small business, or yes, you’re a clothing retailer, or … Believe me when I say, everyone is at risk. If you don’t have a plan in place specifically to protect information, or you don’t know what measures are in place, call us right now!

Putting it in the fine print doesn’t cut it anymore.
Terms of Use and Privacy Policies are long, often filled with legal jargon, and rather a nuisance for customers who just want to get on with their task. No one reads them. The problem is, everybody knows no one reads them, so using the fact that a customer has agreed to your terms is no longer a valid defence. There is an expectation of privacy around credit card numbers, medical issues, and any other information a client provides to you for the purpose of doing business with you. So again, ask yourself what you really need to know, what you need to keep, and how you get rid of personal data. Learn more about the laws in your province or state, and reconsider and update your privacy policy.

Just asking can get you into trouble.
Housing renters in BC have started complaining about the information being asked of them on rental application forms. I’ve had the experience myself of being asked to complete such a form simply to book a time to see the place. I get that the property managers don’t want to waste their time showing a suite to me if they’re never going to let me rent it. But I’m also pretty reluctant to give them all my personal and financial info, housing and employment history, etc., if I don’t even like the apartment! It’s a great example of what should come first, and a reminder that if you collect such info, and “rent the suite to someone else” so to speak, it is your responsibility to destroy that information – the emailed version, the one you saved to your device, the one you printed, the one you sent to the owners, etc.

My best advice here is to take a step-by-step approach to asking for information. Only ask for what you need to get to the next phase of the interaction, and only keep what you absolutely need.

Create a Data Breach Response Plan now.
Remember that misplacing a phone or laptop that can access data could result in a data breach. Keeping a customer file in a car unattended could result in a data breach. These types of situations require an investigation to determine whether or not a breach occurred; and if you cannot say with absolute certainty that a breach did not occur, you need to make the appropriate notifications.

Sending an order confirmation to the wrong email address is a data breach. Leaving a detailed message at the wrong phone number or at a number accessible by more than one person (e.g. home number instead of cell number) is a data breach. Most of these types of situations are far from disastrous, but may still require notifications, and should certainly be investigated to make sure they don’t happen again.

Bottom line: Do your research to know what you are legally required to do if a breach is suspected, then create a plan that meets those requirements, as well as the ethical standards of your brand and the expectations of your customers. Give us a call if you want some help.
