Consumers are taking action when it comes to protecting their personal information. According to a U.S. Department of Commerce study, nearly three-quarters of internet-using households had significant concerns about online privacy and security risks in 2017, while one third said these worries caused them to hold back from some online activities.
Consumers’ intensified focus on protecting their privacy underscores the need for businesses to incorporate data privacy into the building blocks of their organization through physical, technical, organizational and administrative safeguards.
Here are some recommended principles that businesses can use to improve their privacy practices:
- Be clear about the data you are collecting and why. Consumers don’t want to be surprised by the way you use their personal information. Be transparent about the data you collect and how you it.
- When possible, provide consumer choice. Providing features like opt-ins and opt-outs and mechanisms for consumers to review, correct and delete their personal information demonstrates respect for your customers.
- Know the who, what and where of your consumer data. Inventory the types of personal information you collect and store, know where you keep this information and how it is protected and document who needs to have access to this data.
- Don’t keep data you don’t need. Define retention periods for the data elements in your inventory. Securely dispose of data you don’t need. If you do need to keep data, consider redacting sensitive data elements to reduce the risks in the event of a breach.
- Assure customers that you will protect their data. Talking about privacy isn’t enough; studies show that consumers are worried about security as well as privacy. This means that you need both to have strong security controls and to make sure your customers know about them. This will help give your customers confidence to share their personal information with you.
About the Author
John N. Gevertz is Chief Privacy Officer at Visa, responsible for global privacy compliance, information governance and privacy operations management. He also chairs Visa’s Data Use Council.