Consumers have become increasingly connected and are constantly sharing information online. In other words, they are researching, purchasing, and using online products and services, via any number of connected devices. Additionally, they are opting in to share their preferences as part of interactions on social media and search sites. Customer data and personal information gathers under device manufacturers, desktop and mobile apps, internet providers and mobile operators as this is for their own purposes or to sell to other businesses. As a business, you have a responsibility to maintain customer privacy and protect this personal information.
What Is Personal Information?
Personal information is info or an opinion about an individual whose identity is apparent, or can be ascertained, from the information or opinion. It includes a broad range of information, or an opinion, that could identify an individual. What personal information will vary, depends on whether a person can be identifiable in the circumstances.
For example, personal information may include:
- An individual’s name, signature, address, phone number or date of birth
- Sensitive information including race, sexual orientation or health information
- Credit information
- Employee record information
- Photographs
- Internet protocol (IP) addresses
- Voiceprint and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique)
- Location information from a mobile device (because it can reveal user activity patterns and habits)
It is critical for your business to protect and respect the privy of your customers and to take whatever steps are necessary to ensure that your customers feel that their privacy is protected and respected.
Legislation
The Privacy Act sets out rules with which many businesses must comply regarding the collection, use, storage, and disclosure of personal information and applies to most private sector organisations (including non-profit organisations). It does not, however, apply to small businesses with an annual turnover of less than $3 million. This means that most small businesses do not need to comply with the Privacy Act.
From a customer’s perspective, The Privacy Act allows you to:
- Know why collection of your personal information occurs, how it will be used and who it will be disclosed to
- Have the option of not identifying yourself, or of using a pseudonym in certain circumstances
- Ask for access to your personal information (including your health information)
- Stop receiving unwanted direct marketing
- Ask for your personal information that is incorrect to be correct
- Make a complaint about an organisation or agency the privacy act covers, if you think they’ve mishandled your personal information.
So how does a small business, not bound by legislation, build and maintain trust with their customers during data collection?
Implementing Policy
Trust is the cornerstone of a business relationship. Regardless of whether there is a legal obligation to do so, it is critical that you protect and respect the privacy of your customers. Additionally, you must take whatever steps are necessary to ensure your customers feel protected.
To achieve this, policy and training needs to have an inclusion in your business andb staff. Policies and training offer clear guidance to your employees regarding customer privacy, how to report any breaches of privacy, and provide clear guidance on disciplinary action if a team member breaches the policy.
An effective Privacy Policy and Training should include:
- Referenced legislation
- The purpose of the policy and why maintaining customer privacy is important
- Who the policy applies to
- The objectives of the business in relation to Privacy
- Policy Implementation
- What happens if there is a breach.
Protecting You and Your Customers
Awareness of customer privacy needs to be in your everyday interactions. For example, privacy is something that can impact your brand, disrupt the customer experience, and potentially damage your company’s reputation.
Your customers are thinking about their privacy when they visit your website, use your app, and purchase your products and services. So, what can you do to demonstrate to your customers that their privacy is important to your company?
Here are some ideas:
- Manage privacy proactively, rather than retrospectively after any privacy issues come to light
- Recognise it is possible to have both ‘good privacy’ and effective, innovative use of data
- Keep the activity user-centric by offering strong privacy defaults, appropriate notifications systems, and empowering user-friendly options
- End–to–end security throughout the full lifecycle of the project so you can ensure that all personal information is kept securely from collection through to destruction.
Have a read of our Security Awareness blog for further reading on online security for your business
Always ensure you do not disclose information unless:
- The individual has consented to the use or disclosure
- The individual would reasonably expect the use or disclosure and the other purpose relates (or for sensitive information, directly relates) to the primary purpose of the collection
- The use or disclosure is a law requirement
Always think about whether you can conduct your business activities without using or disclosing personal information. If you do disclose information, always limit the amount of personal information you use or disclose to the minimum necessary.
To see further how dita Solutions can help you implement effective staff inductions that provide quality training on Privacy for your business and customers, contact us here.