Can you keep a secret? If you collect any information about your customers (and who doesn’t?), the answer better be yes.
Whether it’s a loose-lipped employee, a hacker’s thievery, or the offer of pure profit, losing control of customer data is one of the fastest ways to sink a previously thriving business, putting Data Breaches at #2 on our serial killers list. There are simply no excuses anymore. Even if you haven’t broken any laws, public sentiment will take you down fast.
It’s your responsibility to thwart hackers.
Those who hack to steal data are criminals. No argument there, but it doesn’t matter. You will still be blamed. Your only defence is keeping sensitive data in a rigorously controlled environment, with multiple layers of security. And in the mind of the public, all of their data is sensitive. So, ask yourself, what information do you really need? How long do you really need to keep it? Is having that information worth the risk? I suspect most of you are thinking “who would want the data I have?” Yes, you’re a small business, or yes, you’re a clothing retailer, or … Believe me when I say, everyone is at risk. If you don’t have a plan in place specifically to protect information, or you don’t know what measures are in place, call us right now!
Putting it in the fine print doesn’t cut it anymore.
Just asking can get you into trouble.
Housing renters in BC have started complaining about the information being asked of them on rental application forms. I’ve had the experience myself of being asked to complete such a form simply to book a time to see the place. I get that the property managers don’t want to waste their time showing a suite to me if they’re never going to let me rent it. But I’m also pretty reluctant to give them all my personal and financial info, housing and employment history, etc., if I don’t even like the apartment! It’s a great example of what should come first, and a reminder that if you collect such info, and “rent the suite to someone else” so to speak, it is your responsibility to destroy that information – the emailed version, the one you saved to your device, the one you printed, the one you sent to the owners, etc.
My best advice here is to take a step-by-step approach to asking for information. Only ask for what you need to get to the next phase of the interaction, and only keep what you absolutely need.
Create a Data Breach Response Plan now.
Remember that misplacing a phone or laptop that can access data could result in a data breach. Keeping a customer file in a car unattended could result in a data breach. These types of situations require an investigation to determine whether or not a breach occurred; and if you cannot say with absolute certainty that a breach did not occur, you need to make the appropriate notifications.
Sending an order confirmation to the wrong email address is a data breach. Leaving a detailed message at the wrong phone number, or at a number accessible by more than one person (e.g. home number instead of cell number), is a data breach. Most of these types of situations are far from disastrous, but may still require notifications, and should certainly be investigated to make sure they don’t happen again.
Bottom line: Do your research to know what you are legally required to do if a breach is suspected, then create a plan that meets those requirements, as well as the ethical standards of your brand and the expectations of your customers. Give us a call if you want some help.