Are You Doing Enough to Protect Customer Privacy Online?

The amount of personal information an online customer shares with your business is significant. And so are the risks if you don't take proper steps to secure it—or educate your customers about what you're doing to protect it.

Here are some ways you can put privacy front and center for the benefit of everyone.

Create a Culture Around Privacy

You must have a privacy policy that tells customers what you do with the information they provide. If you don't have one, check out online resources like TermsFeed that make the process easy, generating a policy for you once you answer a few questions.

But having a policy doesn't mean customers will read it. To help them understand the highlights, here are some things you can do:

  • Dedicate a tab on your site exclusively to privacy
  • Include a FAQ section that distills your policy into a simple Q&A format
  • Add pop-ups to your order form that explain why you're asking for specific information
  • Encourage customers to contact you if they have questions

This way, you're creating a dialogue that educates, not just a policy you post once and forget.

Don't Collect More Data Than You Need

Many e-commerce web platforms are set to solicit lots of customer information when customers place an order. This is great for marketing purposes, but remember that the more personal data you have, the more you have to protect.

Distill what you need to know down to the basics and collect only the information that facilitates a purchase. And if you want marketing insights, consider surveys or other information freely available online that can help.

Get Smart About PII

Ever heard of Personally Identifiable Information (PII)?

It's defined as any information that can be used to trace an individual's identity, either on its own or when combined with other information. If a scammer obtains it, they may use that information for identity theft or other means of exploitation.

Examples of PII include:

  • Social Security Number
  • Account numbers
  • Driver's license or state-issued ID card
  • Passport number
  • Personal phone number
  • Personal street and email address

Data such as birthdate, race, or business phone number may seem like PII, but because many people can share the same values, they are not. However, when they are linked to a specific driver's license or Social Security number, they become PII.

The main thing to remember is that all customer data should be considered worthy of protection because it can potentially be used to scam them. This checklist by Nightfall can help you get started on a plan for doing so.

Assign a Data Collector

If several people in your company collect and store customer data, it becomes harder to protect. Instead, put one individual in charge who's organized and accountable. This will also leave more time for others to focus on their actual responsibilities.

Keep customer data stored on secure servers and back it up regularly. Doing so will help prevent loss in the event of a breach, disaster, or cyberattack. Printed customer data should be locked up when not in use. In a perfect world, it should be scanned and backed up as well.

Don't Just Throw Data Away—Destroy It

Customer data you no longer need can still provide opportunities for scammers and thieves.

Before you dispose of anything, be sure it's unusable, which can get complicated in an age where electronic devices are constantly being enhanced to help store information.

If you're tech savvy and have the time, you can try the following methods:

  • Erasing
  • Re-formatting
  • Overwriting or
  • Scrambling it with a powerful magnet, a process known as degaussing

If you have hard drives or other devices with large amounts of memory that might include information such as customer account numbers, the only guaranteed way to dispose of them is to destroy them.

Although online videos can teach you disposal techniques such as incineration, or potentially dangerous ones like cutting, it's recommended that you leave this task to an electronics disposal service.

The good news is that many document shredding services offer device destruction, too. Don't be tempted by DIY at-home shredders that cut documents into strips. The strips can be painstakingly reassembled to reveal confidential information.