Protect customer data with these 5 essential steps
Engagement with customers inevitably yields a trove of sensitive data. Learn the key steps you should take to stay compliant and secure in an era of virtual business.
The technologies that help companies engage with their customers also generate, store and analyze a treasure trove of data.
Such data is invaluable to organizations seeking to differentiate themselves in a digital market by better serving their customers, but protecting customer data -- which is attractive to hackers and often subject to a number of regulations -- requires a high level of security and governance.
Strong cybersecurity technology can help protect customer engagement software, but it's only part of the solution. Experts said organizations must also think more about their data strategy overall, their governance policies and what they can do to minimize risk around the customer engagement function.
Experts like Nicole France, Constellation Research analyst, and attorney and SANS Institute instructor Benjamin Wright recommend the following steps to better protect customer data.
- Know and follow relevant laws and regulations. The California Consumer Privacy Act and the European Union's General Data Protection Regulation (GDPR) are the most significant laws regulating how companies can handle consumer data. But they're just two of a growing number of laws that dictate when, where and how data can be handled. It's incumbent on organizations to keep up with such rules and understand that noncompliance can be costly: British Airways, for example, is facing a $230 million fine under GDPR rules as a result of a 2018 data breach.
- Act with ruthless transparency. As Wright said: "Tell your customers what you do about collecting data, storing it, sharing it and deleting it."
- Reduce risk whenever possible. To make it easier to protect customer data, France and Wright said companies should consider collecting less data on customers: determine what pieces of information they need to best drive engagement with them, then collect and keep only that data. "Think about how you can work with a customer better while collecting less personally identifiable information," Wright said. "Ask: 'How can I fulfill my mission while knowing less about my customer?'"
- Restrict access. Executives should identify what information they hold in their customer engagement systems and limit the systems and people who can access it to only those who need it. "Make sure the information doesn't get scattered around the organization or sent out to people," Wright advised.
- Appoint a chief privacy officer. This officer should augment the work done by the chief security officer, Wright said. The position should have the authority, training, expertise and budget to make an impact in the organization, so along with the security leader they can "fight the bad guys every day and get better." Wright added: "Organizations [that] identify officers with powers to really do things show the outside world that they're working on this, that [they] really do care."
Strong security proves to be a differentiator
Consumers are not particularly tolerant of companies that expose or misuse their personal information. The "Global State of Digital Trust Survey and Index 2018," conducted by analyst firm Frost & Sullivan for software maker CA Technologies, found that 48% of consumers have stopped using the services of an organization because of a breach, and only 49% of the 990 consumers surveyed said they're willing to provide personal data in exchange for digital services.
Those figures don't bode well for business overall, Wright said, but security-minded organizations could differentiate themselves by promising and delivering higher levels of protection to consumers than competitors. "We're going to see companies that over time build a reputation for not abusing that consumer trust," he predicted.