skip to main content
Business IQ

Customer data: How to manage it securely

Smarter Writer
Smarter Team

The Smarter Team is made up of business and technology journalists who write to offer insights to small and medium businesses about technology, business know-how and emerging trends.

Smarter Writer
Smarter Team

The Smarter Team is made up of business and technology journalists who write to offer insights to small and medium businesses about technology, business know-how and emerging trends.

Whether your business is the local gym or a high-end online retailer, storing your customers’ data securely should be a key consideration. Gaining and retaining customer trust is especially important in the current climate, where a slip-up could mean that once-loyal customers will choose to spend elsewhere.

Medical record appears on laptop

Collecting and warehousing vast quantities of personal data about customers requires care and precision. Once you have taken the first step of collecting customer data, you must ensure you are using it in the right way – and let your customers know that it will be used appropriately and safely in your business’ hands.  

Here, we look at three considerations to help ensure you meet data-security expectations.

Types of data you can gather

Businesses should only gather information if it’s needed for legitimate functions or activities. With this in mind, you may want to reasses whether it’s worthwhile collecting personal information about customers at all. For many businesses it is, but you should consider what purpose it serves and exactly what you’ll do with it. For example, a medical clinic collecting patient data for a person’s medical history is vital – a retailer collecting their customers’ home address may not be, especially if this is used for unexpected marketing.

It’s also important to consider how you will collect customer data. “If you haven’t collected the information directly from the individual - or you have but they wouldn’t reasonably expect that you’d use it to market products and services - you need to get their consent where it’s practicable to do so and you need to include the opt-out mechanism in the communication,” says Alison Baker, Partner of leading independent Australian law firm Hall & Wilcox. “You also need to include a prominent statement that makes it clear that they don’t have to receive the marketing material,” she adds.

The Australian Privacy Princples (APP) guidelines is a must-read resource for any business that collects data. This is a great starting place if you are unsure about what data is deemed necessary to collect – and what you can legally do with it.

Are you meeting expectations online?

Expert advice & practical tips to help turn customers into loyal advocates.

Access free reportAre you meeting expectations online?

Store your data securely

There are several ways to manage data storage. You can choose to engage third-party providers to store data and information on your business’ behalf. However, it’s important to know precisely where that data is at all times and whether it complies with the privacy principles.

“It might just be that a cloud provider stores back-up data for them rather than keeping it on one of their systems they outsource it and put it in a cloud and the operator of the cloud is located overseas,” says Baker. “If that data contains personal information then they’ve made a disclosure to the overseas recipient,” adds Alison.

You might want to consider adopting a cloud solution for your business, which can help to prevent loss of data if a security breach occurs. There are several options available and, because every business has unique needs, there are steps you can take to assess which cloud solution is right for you.

Show customers their data is secure

At the point of collection, customers want – and have the right – to know what you will do with their data. You should let them know that their data is safe and advise exactly how you will meet this promise. Provide succinct details when communicating your data protocols with customers – instead of burying this in a long privacy statement. Customers are time poor and certainly appreciate simple, clear information.

Collecting customer data is an essential piece of the puzzle for any small or medium-sized business using direct marketing to engage their customers. It is your business’ ethical and legal obligation to follow government guidelines and keep up-to-date data-security practices – and maintaining this standard may be one of the reasons customers choose your business over another.

Get expert help with your cyber-security

Discover Telstra Business Cyber Security Services.

Find out moreGet expert help with your cyber-security

Tech
Tech
Why and how to use the 3-2-1 strategy for data back-ups

Have you ever lost a digital file worth hours of work because of a program crashing or something going wrong with your computer? Or been a victim of ransomware, where hackers b...

Business IQ
Business IQ
Freelance Virtual Conference: 5 key cyber security takeaways

Freelance Australia recently held the 2021 virtual Freelance Essentials Conference to help freelancers and small businesses learn the ins and outs of running a freelancing ente...

Business IQ
Business IQ
4 steps to take if you've been targeted by online crime

Being the target of a cyber attack can be frustrating, expensive and confusing. But with some preparation, your business can respond – and recover – quickly.

Business IQ
Business IQ
5 free steps to become a secure small biz

Late nights, early mornings, and working over weekends; familiar phrases for the small business owner, solo operator, and freelancer. So why should such a busy person cut into ...