Customer Data Privacy checklist for small business owners.

T-Mobile corporate legal counsel Suzie Rao and Kelli Hooke spell out the items to consider when thinking about protecting customer privacy.
Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card numbers, or other account data—that identifies customers or employees. This information often is necessary to fill orders, meet payroll, or perform other essential business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or other harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just good business.

Regardless of the size or nature of your business, the principles in this article will help you protect your customers’ personal information.

You are legally obligated to treat your customers’ personal information respectfully and fairly but protecting customer data privacy shouldn’t have to be a drain on your company. Done wisely, it can create customer goodwill and increase sales, while reducing business and legal risks. Some businesses may have the expertise in-house to implement an appropriate customer data  privacy plan. Others may find it helpful to hire a contractor. Regardless of the size or nature of your business, the principles in this article will help you protect your customers’ personal information.

Below is a customer data privacy checklist that can help you build a comprehensive and effective privacy plan in seven simple steps:

1. Conduct a data privacy audit.

Step one is to understand what data your business needs, what data it’s collecting, and how data is being stored and secured. Also consider heightened legal obligations if you handle medical, financial, or minors’ data.

You can avoid trouble by making sure someone in your organization is responsible for customer privacy.

2. Minimize data collection and retention.

What you don’t have can’t hurt you. Conversely, what you do have, can hurt you. Consumer privacy advocates recommend that companies collect and store only data they need to deliver their product or service. Sometimes businesses gather extra information because they think they might want it in the future. But keeping that data increases risk, especially if someone hacks your systems and steals the personal data in them.

3. Secure the data you keep.

Even if you don’t take credit card numbers, other personal data you keep could be valuable to fraudsters. It’s embarrassing, not to mention costly and damaging, to tell customers their data has been compromised in a hack. These notifications to customers are legally required. So be sure you have secured your network, databases, and websites.

4. Post a privacy policy.

Commercial website owners are required by law to post a consumer privacy policy. And most app platforms also require one if your app transmits data. It isn’t enough to cut and paste a boilerplate policy. Regulators consider privacy policies legally binding agreements between you and customers. Your policy should describe your current business practices fully and accurately.

5. Communicate with customers.

A privacy policy is a legal document that customers rarely read. But they do expect simple and clear descriptions of company data practices at key moments, such as when they’re asked to provide data and when you add new features to a product or service or make policy changes.

Consumer privacy advocates and industry groups recommend direct and upfront communication with customers about data you collect and your plans for using it. Most consumers will happily supply personal data necessary for a service they want.

6. Provide a forum for complaints.

Give customers an online form or email address for communicating their privacy problems or concerns. Be sure to respond to their messages. This two-way communication can help build trust and loyalty—and help avoid potential customer privacy crises.

7. Give consumers a choice.

Recent research suggests customers expect settings and features that let them choose whether to share data. Be transparent and give them the opportunity to opt in or out.

Adopting these data privacy best practices will go a long way toward protecting your customers’ privacy—and your own business

Want even more trends, insights, and success stories?

Interested in T-Mobile for Business?