Collecting and warehousing vast quantities of your customers’ personal data requires care and precision. Once you have taken the first step of collecting customer data, you must ensure you are using it in the right way. It’s just as important to let your customers know that data protection is a top priority in your business and that their data will be used appropriately and safely in your business’s hands.
Here, we look at three considerations to make sure you meet data protection expectations.
Review your data gathering practices
Under the Australian Privacy Principles (APP), businesses should only gather information if they need it for legitimate functions or activities. If your business deals with customer data at any level, it’s worth assessing what purpose it serves, how much of it you collect and exactly what you’ll do with it. For example, it can be considered vital for a medical clinic to collect personal data for a patient’s medical history. But if your business is in retail, do you really need to collect your customers’ home address, email address and phone number, especially if the purpose is only to blast out marketing material they may or may not haven’t opted in for.
It’s also important to consider how you collect customer data. “If you haven’t collected the information directly from the individual – or you have but they wouldn’t reasonably expect that you’d use it to market products and services – you need to get their consent where it’s practicable to do so and you need to include the opt-out mechanism in the communication,” says Alison Baker, partner of leading independent Australian law firm Hall & Wilcox. “You also need to include a prominent statement that makes it clear that they don’t have to receive the marketing material,” she adds.
The APP guidelines are a must-read resource for any business that gathers data. It’s a great place to start if you are unsure about which data is necessary to collect – and what you can legally do with it.
Assess your secured data storage
There are several ways to manage data storage in your business. For example, there are third-party providers who store data and information on your business’s behalf. However, if you choose this route, it’s important to know precisely where your business and customer data is at all times and whether it complies with Australian privacy principles.
“It might just be that a cloud provider stores back-up data for them. Rather than keeping it on one of the business’s systems, the business outsources it and puts it in a cloud, and the operator of the cloud is located overseas,” says Baker. “If that data contains personal information, then they’ve made a disclosure to the overseas recipient,” she adds.
You can also choose to adopt a cloud solution for your business. Cloud solutions can help prevent you losing data in the event of a security breach. There are numerous cloud options available and, because every business has unique needs, consider following a few key steps to help you assess which cloud solution is right for you.
Promote security with your customers
At the point of data collection, customers want – and have the right – to know what you will do with their data. You should let them know that their data is safe and advise exactly how you will meet this promise. Provide clear and succinct details when communicating your data protocols with customers – instead of burying this information in a long privacy statement. Customers are time-poor and appreciate simple, clear information.
Collecting customer data is an essential piece of the puzzle for any small or medium-sized business using direct marketing to engage their customers. It is your business’s ethical and legal obligation to follow government guidelines and keep your data-security practices up to date. Maintaining or exceeding this standard can be one of the reasons customers choose your business over another.