
Why your privacy policy should be customer-focused

Avast Business Team, Jul 19, 2021 10:24:53 AM

Why customer data protection matters and how to implement a strong company privacy policy

In this post, we will explain exactly why customer data is valuable and why it is so important for businesses to protect. Specifically, we'll take a look at the kinds of data businesses collect, various vulnerabilities in systems, and what businesses can do to ensure that they put customers first.

What is consumer privacy?

Customer privacy, or consumer privacy, refers to the protection of personal data held by businesses about individuals and their transactions. As ecommerce has become a standard way of buying goods and services, consumers have become more aware of the risks of online activity and the value of their data.

How is customer data usually collected?

Most businesses use several methods to collect customer data, and they must ensure that a) they have a lawful reason for doing so and b) the customer is fully informed of what information is being recorded (and why). Here are some common examples of how customer data is collected:

  • Asking customers directly – e.g. via an online form or on a phone call
  • Tracking habits – e.g. registering a certain purchase against an account name
  • Accessing other sources of data – e.g. using a social account to log in to a website, comments on review sites.

Customer privacy: why it’s essential for your business

Knowledge is power. And knowledge of personal information gives anyone who possesses it power: the power to take control of online accounts, to withdraw money from your bank account, or to enter restricted areas protected by passwords or codes. As such, it has been essential for organizations to protect their customers’ data.

With the birth and proliferation of the internet, the amount of personal data collected, stored, and used by businesses has grown exponentially. This has made enterprises a prime target for cybercriminals.

Additionally, your customers have the right to know exactly how their data is stored, used, and shared. You wouldn’t be comfortable with people sharing your private information in person without your knowledge, so why accept it on an online network?

How is customer data used by businesses?

By analyzing customer data, you can provide a better service, product, or experience by more accurately understanding your customers' demands, needs, interests, and behaviors. Customer demographics can often be derived from date of birth, transactional history, social media activity, customer preferences, and behavioral patterns. Businesses will often also store email addresses and bank details.

While data can be extremely valuable to your business, keep in mind that not every customer wants a tailored product or experience. Many people prefer their relationship with a company to be purely transaction-based. Giving people this choice ensures that you will retain the respect and trust of your customers.

Why is it important to protect customer privacy?

As businesses are known for storing bank details, passwords and codes, and email addresses, they become the target of criminals. Protecting customer privacy prevents this sensitive information from being misused for fraudulent or criminal activity.

However, while it’s your moral responsibility to safely store all this data, it’s also your legal obligation – most countries have some kind of data protection legislation.

Within the EU, the GDPR law is in place to protect consumer data, while Australia introduced the CDR to similarly give consumers greater access to and control over their data. In the U.S., different states implement different rules – California, for example, follows the CCPA.

You should also consider your reputation as a business. The reputational damage of having a data breach could cost you more than the breach itself. More than two-thirds of consumers believe that privacy practices are related to a company’s trustworthiness, only marginally outranked by a company’s dependability and pricing. As such, earning and maintaining the trust of customers is more important than ever with news of data breaches and cybercrime making headlines. Fail to earn consumer trust and you’ll fail to grow your business.

Do consumers care about privacy?

Consumers are growing increasingly concerned about the data collected on them, its value, and how to protect their privacy. Cisco reports that 84% of consumers want more control over how their data is used and 90% believe the way their data is treated reflects how they are treated as customers. This group will fundamentally not make purchases from companies if they don’t trust how their data is used.

Cisco also revealed that around 32% of consumers are so concerned about their privacy that they’re willing to act by switching companies or providers due to their data-sharing policies.

How can you protect customer data?

So, now you know the importance of protecting your customers’ data, we need to discuss the best ways to protect that information.

Only collect and store customer data that your business needs

The less data you have, the less you can lose. Using this logic, you should only be collecting and storing the data that your business requires. For example, if your web page does not offer to store your customers’ payment details for future purchases, do not store their bank details. Not only will this make you less vulnerable, but it will also limit the damage caused if there is a data breach.

Limit access to that data

By limiting the access you grant to the personal data that you store, you are limiting the risk of exposure. If few employees have access, you are reducing your chances of an internal breach and creating fewer targets for external breaches. This may also make it easier to detect the cause of the breach if a criminal has accessed your databases.

Use password management tools

Password management tools can do a lot of the security work for you. Rather than using basic passwords that are easy to hack, having complex passwords that you are regularly forgetting, or having all your company passwords located in one shared document, utilizing a password manager will allow you to use hard-to-crack passwords with ease.

While you are putting your faith in an external business, you can read online reviews about the different password managers available and find one that suits your business, budget, and security standards.

Avoid data silos

Data silos can cause issues within your business – often a lack of transparency and trust. Rather than isolating data within one department of your enterprise, ensure you invest in the most efficient and integrated technology that will allow all relevant departments to access the data they need securely. This way, you can maintain good oversight of who has access to what and avoid duplication of datasets, and thus, multiplication of potential vulnerabilities.

Set minimum security standards

After conducting a data protection audit, it’s a good idea to find the vulnerabilities in your business and set some security standards. While these are standards that the whole business should abide by, some regulations may only apply to certain people with additional access or specific roles that focus on IT.

For example, you may set standards on who can access what, how passwords are stored, or where data is accessed from.

Create a policy

You should create a privacy policy for your customers to read. This is necessary to keep customers informed of what happens to their data, but it will also help demonstrate that your business is reliable, trustworthy, and honest. It will also hold you accountable for your actions. Make a policy that is easy to understand and sets out clear limits on the sharing of personal information.

Most countries require that a certain minimum of transparency information be outlined for customers in a privacy policy, such as:

  • Two essential clauses:
    • The type of personal data to be collected
    • The purpose of the collection – how it will be used, including remarketing and cookies
  • A means for users to exercise their privacy or data protection rights
  • A system for keeping users updated when there are changes.

Even if you don't collect personal information, you should disclose this fact in a privacy policy.

What is a good privacy policy?

A good privacy policy centers around the customer’s needs, behaviors, and concerns. It offers detail around how customers’ information will be collected and used, and reassurance that it won’t be manipulated for other purposes, such as marketing or selling to third parties, without notification or permission.


Further reading: How to read a privacy policy


What laws exist to protect consumer data?

While specific web-based laws have not always been around to protect consumers, over the past decade, nations have been introducing legislation that protects how consumer data is used, stored, and shared.

While the specifics of the legislation differ from region to region, the general rule of thumb is that organizations that collect or process customers’ personal information must publish and abide by a privacy policy and facilitate some level of consumer choice over how their data is handled.

A few of these laws include the following:

  • CalOPPA in the USA
  • GDPR in the EU
  • PIPEDA in Canada
  • CDR in Australia
  • LGPD in Brazil
  • The Federal Law on the Protection of Personal Data held by Private Parties in Mexico
  • PDPL in Argentina

While details vary, the EU’s GDPR gives a good gauge of the nature of these laws. For example:

  • Organizations must be transparent about how and why they process personal data, and present this information in clear, intelligible terms
  • Data gathered must be limited to what an organization actually needs to meet a specific purpose, such as to deliver a service to the customer
  • The organization must ensure that the data is accurate and up to date
  • Organizations must use security measures such as encryption, two-factor authentication, and/or tamper-evident logging to maintain data integrity and confidentiality
  • Organizations are accountable for data and a paper trail must be used to demonstrate compliance

Keep in mind that data protection laws protect all kinds of personal data, not just consumer data – employee privacy should also be a priority for your business.

What happens to businesses that fail to protect their customers’ data?

While the repercussions will vary depending on the specific regional policy, many businesses will be subject to fines if they refuse or fail to comply with data legislation.

For example, GDPR states that:

  • Businesses that violate the regulations face fines of up to €10 million or, in the case of an undertaking, up to 2% of their entire global turnover
  • For severe violations, businesses face a penalty of up to €20 million or up to 4% of their global turnover
  • In 2021, the EU stated they would begin increasing the pressure on businesses to follow data protection and privacy laws.

Here are some examples of consumer privacy violations:

  • US pharmacy CVS was taken to federal court for 200 instances of violating patient privacy laws
  • In 2019, the French Data Protection Authority (the CNIL) fined Google LLC €50 million for a lack of transparency and failure to obtain consent for ad targeting
  • The CNIL has also issued fines to Amazon for dropping tracking cookies without consent
  • London’s Doorstep Dispensaree Limited was fined £275,000 for failing to ensure the security of special category data, which it kept in unlocked containers at the back of its premises.

Protect consumer data from unauthorized access by implementing comprehensive business antivirus across your IT infrastructure.