How to Protect Your Customers' Privacy
6 Dec, 2007 By: Jacqueline Klosek
The war on terror includes many aspects, but here we’re talking about
information, identification and critical data that needs to be protected. Now
with the advent of increasing cybercrime, protecting your privacy on all fronts
is really becoming a problem, and it’s gaining momentum. It all boils down to
securing your privacy—and it’s getting tougher to maintain, especially with
identity theft on the rise.
Today, growing numbers of Americans are making demands on corporate America
to treat their personal information with secrecy. According to a Harris Poll
sponsored by Microsoft, 60% of Americans said they’ve actually decided not to
support a store because of doubts about that store’s overall privacy
protections. What is surprising is that it isn’t just marketers that are trying
to access personal information. The government has drafted private industry for
“data collection duty” to help combat this “terrain of info terror.”
Okay, so how can businesses keep customers’ personal information under wraps
when the U.S. Patriot Act allows the government to collect copious amounts of
this sort of information? As an attorney and author of the new book, “The War on
Privacy,” I often advise my clients on issues related to data privacy and
security. As a Certified Information Privacy Professional, I believe private
industry faces a precarious balance, trying to simultaneously maintain consumer
privacy while also complying with our government’s demands for information,
often issued by mandatory regulations.
The bottom line is not only about the feds leaning on your company or your
clients for records, or suffering a security breach by hackers, but that your
reputation is at stake and you’ve lost your customers’ trust if you can’t
automatically secure sensitive information. Most popular is an electronic
document management system (EDMS), the best option to create a searchable and
secure (filing and retrieving) system utilizing computer software.
As a concerned attorney, I routinely advise businesses to follow through with
all privacy measures required by law. There are many mandatory compliance
regulations today including: HIPAA (protects healthcare patient records), FRCP
(saving emails & info for possible litigation), SOX (publicly traded companies
must submit financial disclosure), the Patriot Act (allows law enforcement to
monitor calls and emails, intercept mail, warrantless searches if time is of the
essence, phone taps) and so forth.
1. Conduct an Internal Audit.
Before you can inform your customers about what is needed regarding privacy
policies and practices, you must first understand what they are. Businesses in
document management are normally the first to understand what data they are
collecting, how they are using that data, with whom they are sharing that data,
how that data is being protected, and other related issues. All businesses
need to be aware of this and the ramifications it brings.
Once a company’s policies and plans for collecting and/or using customer
information are clarified, these policies should be communicated through a
company wants to be contacted in regards to any information, and normally lists
the types of third parties that may have access to such information. Be sure to
follow all laws and legal requirements in this regard.
3. Be Broad.
broad as possible. This will give your company greater latitude if you are
forced by the government to hand over data or are faced with other potentially
unanticipated events such as corporate restructuring, mergers and acquisitions.
4. Plan Ahead and Be Prepared for the Inevitable.
Anticipate the fact that any company with access to client information could
face a government subpoena demanding your client’s personal information records.
By understanding that this can happen, you can suitably prepare your policies in
order to set your clients’ and customers’ expectations regarding the privacy of
their personal information. This may help you to avoid making a strong privacy
promise to consumers that governmental demands will not allow you to keep!
5. Seek Prior Consent.
As you are hopefully aware, it’s a smart idea to obtain prior consent from
your consumers/clients about potential personal data transfers that could be
subpoenaed by the government. The same holds true for other types of transfers,
including transfers to business partners and service providers.
6. Conduct Due Diligence When Outsourcing.
If applicable, you and the customer should examine the third-party
service provider’s experience with regard to privacy and data security. If
you are a service provider, realize that many customers will investigate privacy
complaints a service provider has faced and will make sure you’re complying with
all U.S. and foreign laws, especially when outsourcing.
7. Protect Your Website.
If you haven’t already, it’s good practice to implement a web monitoring
program that automatically runs privacy scans to ensure that the site hasn’t
been compromised and that privacy measures remain intact.
Without question, protecting your customers’ privacy could be a cumbersome
task. However, for those offices and businesses going more “paperless,” the
providers of document management solutions and security software technology,
designed to electronically secure documents with a variety of interface software
programs, are creating multiple business opportunities for both manufacturers
and their dealer/suppliers, as well as keeping information safe.
Jacqueline Klosek is a Senior Counsel in the Business Law Department of
Goodwin Procter LLP. Author of two prior books: “The Legal Guide to e-Business”
and “Data Privacy in the Information Age” as well as numerous articles. A member
of the American Bar Assoc. and others.