Most consumers are concerned about how your business collects, stores, and uses their information. They value their privacy more than ever since the Facebook-Cambridge Analytica scandal in 2018. Consumer confidence was eroded when personal data belonging to millions of users was collected by companies and used for political advertising. And everyone who uses digital devices knows that Google follows them around, right?
The Australian government says that you are responsible for protecting your customer’s personal information – it’s the law under the Privacy Act 1988. Now in the digital world privacy protection has become much harder. There are many databases all over the world collecting and storing sensitive customer data. Businesses must prioritize ethics, privacy, and security or risk their brand’s reputation.
Collection and Ethics
· What are you collecting? Use the data for its planned purpose only. For example, don’t expose customers to unwanted marketing.
· Visibly display terms and conditions of data use on your website, web app and mobile app. Get your customers to accept your T & C’s before to purchasing or using your service.
· Digital Debris – consider a data retention policy. If you don’t need it, get rid of it properly.
· If you are purchasing 2nd and 3rd party data, you must follow the T & C’s accompanying the data.
Adhering to the latest laws and regulations
· If you sell overseas you must comply with Europe’s General Data Protection Regulator (GDPR) which imposes strict requirements for collecting, using, and storing data. The regulation makes sure that customer data is securely protected across Europe even if the data processing happens in the EU or not.
· Consider using GDPR best practices as is currently the gold standard.
· Are you following the rules set out by the AU Spam Act 2003? Think how annoying it is when you receive unsolicited emails without unsubscribe links.
· Familiarise yourself with the relevant sections of the AU Privacy Act 1998. In 2021 there will be a response to the ACCC’s Digital Platform Inquiry.
· Seek legal advice to make sure your business is compliant with all the laws and regulations. If you are not sure where your business stands, have a chat with our trusted legal partner to find out more.
Security
· If you collect PIFI – personally identifiable financial information, PHI – Medical History, health care, insurance details or PII – personally identifiable information you must have robust security. The plan should include network security, firewalls, strong authentication processes, intrusion detection and a reliable backup system.
· Data is an asset that can easily be exploited by criminal activity. Some experts are saying it’s a case of “when not if”. Develop an action plan if there is a security breach.
A breach of trust for your brand can have legal and financial repercussions for your business and your customers. The best practice is to develop business values around privacy, ethics, and security. Don’t let your data end up on the dark web or erode customer confidence because you used their data inappropriately.
Resources
