A Seven-Step Guide to Protecting Customer Privacy

Think protecting customer privacy is only an issue for business giants like Facebook and Sony? Think again.

Many small companies have lost customer trust or even been sued over privacy mishaps in recent years. And they're likely to face more problems as digital data files grow in size and importance to modern business.

You are legally, if not morally, obligated to treat your customers' private personal data respectfully and fairly. But protecting customer privacy need not be a drain on your company. Done wisely, it can create customer goodwill and even lift sales, while reducing business and legal risks.

Such a strategy involves more than securing a network from hackers and posting a boilerplate privacy policy. Here are seven steps that can help you build a comprehensive and effective privacy plan:

1. Conduct a data privacy audit. Step one is to understand what data your business needs, what data it's collecting and how data is being stored and secured. Consider also your legal obligations if you handle medical, financial or minors' data.

Businesses sometimes collect more data than they realize because they've used third-party software code that does so automatically or because a partner, such as an advertising network or analytics company, is pulling data.

Lack of attention to this data collection is what often sparks a crisis, says Jules Polonetsky, director of the Future of Privacy Forum, a Washington, D.C., think tank. But you can avoid trouble by making sure someone in your organization is responsible for data privacy, be it a full-fledged chief privacy officer or simply the marketing director.

"No one ends up knowing what is collected and kept from beginning to end unless someone is in charge of that," Polonetsky says. "Someone needs to be accountable."

2. Minimize data collection and retention. What you don't have can't hurt you. Privacy advocates recommend that companies collect and store only data they need to deliver their product or service. Sometimes businesses gather extra information because they think they might want it in the future. But doing so increases risk. Data can be lost or stolen by hackers, and customers can mutiny if they feel you're asking unnecessarily intrusive questions.

3. Secure the data you keep. Even if you don't take credit card numbers, other personal data you keep could be valuable to identity fraudsters. It's embarrassing, not to mention costly and damaging, to tell customers their personal information has been compromised in a hack. And such disclosure is often legally required. So be sure you have secured your network, databases and website.

4. Post a privacy policy. Commercial website owners are required by law to post a privacy policy. And most app platforms also require one if your app transmits data. It isn't enough to cut and paste a boilerplate policy. Regulators consider privacy policies legally binding agreements between you and your customers. You should describe your current business practices fully and accurately.

Fortunately, there are online tools that can help you create a privacy policy. PrivacyChoice, for instance, offers a free online tool called Policymaker to help develop policies for mobile apps and websites, as well as consulting services for a fee. Another option is TRUSTe's Privacy Policy Generator, along with packages of related services ($499 and $995 a year).

5. Communicate with customers. A privacy policy is a legal document that customers rarely read. But they do expect simple and clear descriptions of company data practices at key moments, such as when they're asked to provide data and when you add new features to a product or service or make policy changes.

Privacy advocates and industry groups such as the Online Trust Alliance recommend direct and upfront communication with customers about data you collect and your plans for using it. That's especially important for small companies without recognized brands that people know and trust. Most consumers will happily supply personal data necessary for a service they want. For instance, Amazon.com keeps purchase data and uses it to deliver product recommendations that millions of customers embrace.

6. Give consumers a choice. Recent research suggests customers expect settings and features that let them choose whether to share data, not sweet words about your respect for their privacy, Polonetsky says. They want to see signs that businesses are "serving" them, not "selling" them.

7. Provide a forum for complaints. Give customers an online form or email address for communicating their privacy problems or concerns. And be sure to respond to their messages. Such two-way communication can help build trust and loyalty -- and help avoid potential privacy crises.

"Don't think you're too small to be noticed in this world of savvy critics," Polonetsky says. "One aggrieved customer on Twitter … can send the most minor complaint viral."