Regulatory Compliance and Your Customers

Data Privacy Day is just around the corner. It’s a day meant to inspire dialog and educate people on how their personal information is being collected, used, and shared.

When discussing privacy, we are often most concerned about our own. As a business owner, are you equally protective of the privacy of your customers? If not, you should be; it may be the difference between growth and closure.

Do you collect personal information via your website?

Any website that collects personal information must include a privacy policy. A privacy policy clearly states what privacy means to your business and how customer data is maintained. If your website collects information that’s considered private, you need a privacy policy aligned with security policies used within your business.

If your website collects information but doesn’t have a policy in place, it’s time to get serious about having one. There are plenty of privacy policy generators available, and they’re a good starting point, but the resulting policy should first be passed by legal counsel to confirm accuracy.

Do you collect personal information in person?

In-person data collection is still commonplace. While it may not involve technology, handle the data with the same level of care as information collected electronically.

If you collect customer information in person, ensure that there is a genuine need for the data collected and that your customers understand that need. If the data is shared, inform your customers and provide ways for them to limit the information being shared.

Do you collect personal information from 3rd parties?

Does your business use data collected from 3rd parties or partners? If so, you should have paperwork that proves that they have permission to share the data with you. Once the information is in your custody, you’re responsible for its privacy.

Keeping your customers’ information private

Understanding where your business stands when it comes to compliance with regulations around data privacy can be a challenge – and the penalties for non-compliance are much worse.

The NY SHIELD Act permits the Attorney General to seek penalties of up to $250,000, not including expenses related to responding to an investigation, hiring experts, etc. California’s Privacy Act, CCPA, allows their AG to seek penalties of $2,500 for each violation or $7,500 for each violation not resolved within a 30-day remediation period.

The numbers can add up quickly – add in damage to your business’ reputation and you may be fast-tracking yourself to closing your doors for good.

Ready to jump into compliance needs for your business? Not sure where to start? Download our Data Privacy Compliance Checklist to gain an understanding of existing procedures and any changes that must be made to be compliant, and be sure to catch our live stream all about Data Privacy Day on January 21st!

Matt has spent the better part of 2 decades building systems, managing IT departments, and developing websites and applications for the education, publishing, and technical service industries. As an MCSE...
