Essential Guide to Lists and Databases: Take Data Privacy Seriously – And Take Action to Ensure It

I don’t often quote Spider-Man, but the superhero may have been the most succinct in making a point when it comes to approaching privacy: “With great power comes great responsibility.”

Without doubt, the power that drives relationships is data. When used appropriately in customer relationships, data generate value for the consumer, the business, the economy and society.

With this enormous value comes a big responsibility for the proper protection, handling, use and management of data.

A company that cares about building trust with its customers and about the value of its brand should embrace and apply the highest emphasis to this responsibility. This best-practices approach includes kid-glove consumer care, a thorough research-and-resolve program and an established, authoritative privacy program that includes accountability as well as consumer notice, choice and access.

There are certain privacy and security rules that every business or organization should live by:

· Identify the sensitive information collected from customers, such as credit card numbers or personal identification numbers. Keep this data only as long as needed. Block access or truncate display of it for anyone without a specific need to see it. Make your employees aware of what is sensitive.

· Data in transit are data at risk. Send only the data needed by the recipient. Truncate or encrypt all sensitive information. Establish appropriate data retention and destruction requirements with every vendor.

· Employees are your greatest risk. Screen all employees with access to sensitive information. Allow access only to what an employee needs to do his job. Monitor employee access to customer information. Marketing databases rarely have a need for sensitive information, which means you should purge it whenever possible. Sensitize employees to watch for bad behavior.

· Partners are your second-greatest risk. Include security requirements in every vendor contract. Interview your vendors’ security employees. Read the privacy policy of your vendors. Understand the legal requirements for offshore vendors.

· Overreact if you have a security breach. Assume the worst until you know better. Prepare customer service employees to handle or refer customers with concerns. Overcommunicate with your customers, employees and the media. Hoping the problem goes away only ensures that it gets bigger.

· Learn from the marketplace. Don’t make commitments you can’t live up to. Customers appreciate honesty, even it if isn’t what they wanted to hear. Don’t promise your security is perfect – no one is immune to security issues, including you. Security risks evolve over time. If your security practices aren’t changing, you aren’t keeping up with new risks.

A privacy best-practices policy is a comprehensive, thoughtful and balanced approach that protects consumers while preserving the benefits of information in our economy.

Related Posts