Collecting and warehousing vast quantities of personal data about customers requires care and precision. Once you have taken the first step of collecting customer data, you must ensure you are using it in the right way – and let your customers know that it will be used appropriately and safely in your business’ hands.
Here, we look at three considerations to help ensure you meet data-security expectations.
Types of data you can gather
Businesses should only gather information if it’s needed for legitimate functions or activities. With this in mind, you may want to reasses whether it’s worthwhile collecting personal information about customers at all. For many businesses it is, but you should consider what purpose it serves and exactly what you’ll do with it. For example, a medical clinic collecting patient data for a person’s medical history is vital – a retailer collecting their customers’ home address may not be, especially if this is used for unexpected marketing.
It’s also important to consider how you will collect customer data. “If you haven’t collected the information directly from the individual - or you have but they wouldn’t reasonably expect that you’d use it to market products and services - you need to get their consent where it’s practicable to do so and you need to include the opt-out mechanism in the communication,” says Alison Baker, Partner of leading independent Australian law firm Hall & Wilcox. “You also need to include a prominent statement that makes it clear that they don’t have to receive the marketing material,” she adds.
The Australian Privacy Princples (APP) guidelines is a must-read resource for any business that collects data. This is a great starting place if you are unsure about what data is deemed necessary to collect – and what you can legally do with it.
Are you meeting expectations online?
Expert advice & practical tips to help turn customers into loyal advocates.
Download free reportAre you meeting expectations online?Store your data securely
There are several ways to manage data storage. You can choose to engage third-party providers to store data and information on your business’ behalf. However, it’s important to know precisely where that data is at all times and whether it complies with the privacy principles.
“It might just be that a cloud provider stores back-up data for them rather than keeping it on one of their systems they outsource it and put it in a cloud and the operator of the cloud is located overseas,” says Baker. “If that data contains personal information then they’ve made a disclosure to the overseas recipient,” adds Alison.
You might want to consider adopting a cloud solution for your business, which can help to prevent loss of data if a security breach occurs. There are several options available and, because every business has unique needs, there are steps you can take to assess which cloud solution is right for you.
Show customers their data is secure
At the point of collection, customers want – and have the right – to know what you will do with their data. You should let them know that their data is safe and advise exactly how you will meet this promise. Provide succinct details when communicating your data protocols with customers – instead of burying this in a long privacy statement. Customers are time poor and certainly appreciate simple, clear information.
Collecting customer data is an essential piece of the puzzle for any small or medium-sized business using direct marketing to engage their customers. It is your business’ ethical and legal obligation to follow government guidelines and keep up-to-date data-security practices – and maintaining this standard may be one of the reasons customers choose your business over another.
Get expert help with your cyber-security
Discover Telstra Business Cyber Security Services.
Find out moreGet expert help with your cyber-security
