Privacy awareness: managing your customer data

The recent hacking of the Reserve Bank and the Australian Bureau of Statistics has heightened public fears of harmful online attacks and called attention to the importance of cyber-security. Both the RBA and the ABS were targeted by attacks aimed at accessing sensitive internal information that could be used to move the share market. At a business level, a hack into your database can result in customer information being stolen and used for identity theft.

With Privacy Awareness Week 2013 underway, it's time to reinforce the importance of properly managing your customer data through our 5 quick tips.

Develop a privacy policy

If you haven't already got one, you should develop a privacy policy or statement stating how your business collects, uses, discloses and manages your customer data. You should touch on what customer data you are collecting, which can include personal identification elements such as name, address, date of birth, marital status, contact details, credit information and medical history, among others.

In your policy, include any partnerships with third parties that could potentially view your data, as well as your firm's stance on criminal investigations. For example, you could add a statement on cooperating with authorities by providing information in the case of criminal investigations. Including details on how customers can contact you if they have any questions is also encouraged.

Appoint a privacy officer

Making an employee responsible for your firm's privacy initiatives and compliance isn't just a way to develop good leaders; it's also a way to ensure privacy is a key priority. This employee can be yourself, your office manager or someone else in your organisation. This individual should be familiar with the National Privacy Principles (NPPs) and act as the go-to for complaints or enquiries about personal privacy. The person may also be responsible for the complaints handling process, staff training and Privacy Act compliance.

Collect only necessary information

According to the Office of the Australian Information Commissioner, you should only collect information necessary for your functions or activities. Ask yourself if any of the personal information you collect is really required for your activities, such as sending marketing newsletters or customer segmentation. These activities usually require basic identification details and financial information depending on the type of business you are running. In some cases it is possible to allow customers to interact with you anonymously. 

Look after your data

Customer data is sensitive and should be stored properly, whether digitally or physically. Ensure all your employees are familiar with the NPPs and your privacy policy. You should also make sure your cyber security is up to date and sophisticated enough to block out scammers. These days it isn't enough to just install anti-virus software and password protection. You should consider firewalls, SSL, data encryption, network scans, verification software and so on.

Read data security pitfalls and fraud protection for SMEs for more information.

Destroy data appropriately

You shouldn't hold on to data you don't need, so ensure you dispose of it safely. The OAIC recommends shredding or pulping physical documents and placing them in a security garbage bin. For electronic documents, you should delete them from your networks, mobile devices and databases and ensure they cannot be retrieved again.

Dun & Bradstreet Australia Pty Ltd 2015 | D&B Small Business