Customer data security is essential for any business, regardless of size. A security breach or misuse of customer data causes major problems for both your customers and your business, and either could be irreversible and spell the end of your business.
Fortunately, there are things you can do to protect your customers' data.
Responsibilities
Firstly, you should know your responsibilities. Find out the requirements that apply where you operate, because they may vary by State. To get you started, there is some information below about Commonwealth legislation and the Privacy Act. Privacy legislation applies to personal information you collect about customers generally, not only to data that is sensitive or includes credit card or other payment details; sensitive information carries additional obligations, and payment card details carry further requirements from the card schemes.
Data collected
Collect only the minimum amount of data you need. More data about your customers means more opportunity to personalise the service you offer, but weigh that against the cost of putting systems in place to protect it and the liability if it is exposed: data you never hold cannot be leaked. Then you can make a considered decision about what is best for your business.
Storage
How you store customer data is also important. Make your best efforts to ensure your systems are secure, and make sure that people who have worked on them, contractors and former employees alike, lose their access when they leave. Create policies covering customer data on company property taken offsite, such as laptops, phones, tablets and even thumb drives; at a minimum, encrypt those devices so a lost one does not become a breach.
Breaches
If the worst happens despite your best endeavours, there are a few things you need to do immediately. Fix whatever caused the breach and contain the spread of the information as far as possible, but preserve logs and other evidence from the affected systems before you rebuild them, or you will not be able to answer the questions that follow. Then work out the full scope of the breach. How long has it been going on? What information was taken, and what sort of information? Who has it? What is being done with it? The more you can find out, the better.
Notification
You may be required by law to notify both customers and the Office of the Australian Information Commissioner about the breach. Even if you are not required to notify customers, I would suggest that you should. If a customer suffers problems caused by your breach and then finds out that you knew and did not tell them, it will cause major problems for you and your business.
Further reading:
- Commonwealth Privacy Act summary https://www.oaic.gov.au/privacy-law/privacy-act/
- Information from Electronic Frontiers Australia https://www.efa.org.au/Issues/Privacy/privacy.html
- Guide to Securing Personal Information https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-securing-personal-information
Keeping customer data secure is entirely your responsibility, and there is no point in thinking you are immune just because you are not a large company. A smaller company is just as susceptible to security breaches as a larger one, and a breach can have a more devastating impact on a smaller company that lacks the resources to fix the problem and deal with the resulting PR issues. In the end, keeping customer data secure in the first place is much easier than dealing with a breach.
If you would like some more ideas, check out my previous posts about security.