If you have a website and your customers need to trust you with confidential, personal information than you have a moral and legal responsibility to safeguard that information. There have been some high-profile data hacks including Sony and the dating website Ashley Madison a few years ago and more recently Air Canada reported a mobile app breach that could affect as much as 20,000 customers according to SC Magazine.
In order to market effectively to their customers, companies are leveraging more sophisticated analytics tools which require, you guessed it, more customer data to target customers with the right offers at the right time. Marketers must be more transparent in terms of their information gathering process and security measures in order to continue get customers to willingly provide them with their personal information.
How can companies protect customer data from falling into the wrong hands? Here are some of the basic rules that organizations should adhere to when safeguarding their customers’ private information.
• If you have a privacy policy (if you don’t then you should) make sure that it accurately explains how you use customer data. Regulators tend to get trigger happy when they feel that customers’ privacy has been violated. Uber found out the hard way when as part of its settlement with the FTC it must now submit to audits of its privacy and security systems every two years for the next 20 years due to a 2014 data breach that allowed intruders to access data related to more than 100,000 drivers, including names and drivers’ license numbers.
• Be truthful about your organization’s privacy policies. Misleading or outright lying to the public about how their data is collected, stored and used has serious consequences. Snapchat was found to have deceived users about the amount of personal data (it omitted to disclose the information that it was collecting from iPhone contact lists)
• It seems like a common sense but encrypting user data. While transaction processing companies such as Visa and MasterCard require retailers to encrypt card details by default during the transaction process when a website remembers a user’s payment details it must meet industry standards and be protected the latest encryption technologies. Outdated encryption technology can
put your customers’ data at risk.
• Test your website for its exposure to hacking and vulnerabilities. E-commerce sites are most likely to be targeted by hackers and need to regularly test their site to discover code vulnerabilities and the existence of malware. Cybersecurity experts may have to be consulted or an investment might be required in advanced security apps.
• Create a disaster recovery plan before one occurs. What are the risks and contingencies associated with a cyber-attack and how will you mitigate or reduce their impacts? Typically organizations prepare themselves in the event of human error or natural disasters, but many overlook cyber-attack but many overlook the impacts of a data breach.
A comprehensive data security policy begins with organizational commitment from the top, workforce training, an investment in data security tools and overall transparency of the process of customer data collection and usage and a disaster recovery plan in order to be prepared for a data breach.