Are you a true guardian of your customers’ privacy?

Businesses collect a broad variety of data about their customers—who they are, their location, online and offline habits—and much more. Data-driven insight is vital to allow brands to deliver the exceptional service and personalized experiences that customers expect. Putting that data in context is increasingly critical across many customer touch points.

In parallel, as more data is collected, brands have an even greater responsibility to safeguard customers' data and privacy. Any company that becomes a trusted guardian of customer privacy has currency in a digital economy.

Navigating a digital landscape

Technology is advancing faster than the cultural norms of how to use all of that data that's generated by our digital footprints.

For instance, location data can be used to improve the customer experience, but it can also raise privacy concerns. Sharing location data is essential for indoor mapping, getting turn-by-turn directions as travelers race to catch their flights or to let fans order hot dogs and beer from their seats in the stadium. But at the same time, it might be a bit creepy if "Welcome Chris" flashed on a monitor when I entered even my favorite store. There's a fine line between being helpful and 'Big Brother'.

There's a stereotype that #GenMobile isn't as concerned with data privacy and security. However, for this tech-savvy generation, there's a big difference between voluntarily sharing moments of their life on social media and having brands violate their privacy. In addition, security is also presumed: #GenMobile expects that that their trusted brands safeguard their information and only share personal, medical or financial data as allowed. Failure to safeguard your customers' privacy can result in losing your customers' trust. So, how do you become a true guardian of your customers' privacy?

7 best practices to safeguard customer privacy and security

1. Understand how your business will use the data – It's key to have a full understanding of how you will use different information about customers, whether it's personally identifiable information or an anonymized aggregation of online habits, responses to marketing campaigns, product purchase history, and location information.
2. Understand the value of your customer data – How valuable is your customer data to cyber criminals? Does your business handle personally identifiable information or financial transactions? Stealing banking information has always been a top priority of criminals, but increasingly they are targeting medical information for fraud or identity theft. Is your industry highly regulated or a prime target of cyber attackers, such as financial services, healthcare or retail?
3. State your intent – Keep customers informed on how you will use their information and whether it is shared with third parties. Customers must have a way to opt out of data collection. They also should have the right to be forgotten no matter where they're located.
4. Tell customers if their data has been hacked – Public companies are required to report data breaches to the government, but telling your customers about a breach—and the specific steps you are taking to address the situation—is a good business practice for any organization.
5. Understand privacy governance in different geographies – Different regions around the world have different expectations for privacy. Surely, you're well acquainted with CAN-SPAM in the U.S. and know that Canada requires double opt-in. The EU has strong rules around data protection, but in December 2015, the European Parliament and Council passed a reform that will establish a single set of rules that make it easier to do business in the EU while still safeguarding privacy.
6. Educate your workers about security practices – Attackers are increasingly using social engineering to trick unsuspecting workers into giving up their account credentials. You can build strong defenses, but it's more critical than ever to educate users about safe practices online.
7. Control access to data – It's critical to secure access to the network from devices of all type. Enforce access policies automatically through the network. Encrypt sensitive data when stored and when sent over the network as appropriate. An attacker may be active in your network, but if the data is encrypted, it will be much more difficult to identify it as valuable.