Customer information can be a valuable online marketing tool provided that you follow state and federal privacy laws and recognize best practices when collecting online consumer data. The Federal Trade Commission (FTC) offers helpful information on proper data gathering standards. Non-profit organizations, such as TRUSTe and the Better Business Bureau (BBB), also administer seal or certification programs for businesses that follow best practices in protecting online privacy. This area of law is undergoing a great deal of change so it is important to stay current on your privacy compliance obligations. The FTC has spelled out several key principles to consider when establishing a data collection program.
- Provide Consumers Access to Their Data. It is important to consider a process for allowing customers to review their personal information that your business has collected. This review process should offer consumers a chance to check data for its accuracy and to make any relevant corrections. A good model is the credit reporting agencies that must provide consumers with an opportunity to review their credit histories for accuracy and to indicate any necessary updates or revisions. This review process will help serve as a form of quality assurance of your data collection efforts while promoting greater overall transparency in your data harvesting program.
- Undertake Reasonable Data Security Efforts. Before you start to gather and store consumer data, be sure to have up-to-date security measures in place. Hackers are constantly seeking opportunities to strike at databases of personal information and our newspapers are filled with stories about data breaches. Think about only accumulating sensitive information that you actually need and disposing properly and securely of any personal data not in use. Consider the idea of consulting with data security professionals to determine reasonable measures your business can take to preserve its customers’ personal information. The FTC also provides a variety of free resources to aid data security for a broad range of businesses.
- Follow Your Stated Policy. Disclosing your policies and procedures is only a first step. Be certain that your business consistently follows its privacy promises to avoid potential liability. You should train any employees on your company’s data collection policies and supervise them to help prevent any misuses of accumulated personal information. Some online companies have been required to pay millions of dollars in fines for violating their stated privacy policies. By not complying with your policy, you could be faced with a costly, embarrassing mistake that damages your business revenues and reputation.