Safeguarding Customer Privacy

For Sale on the Internet

Technology has facilitated the ability to access high quality fake identification tools such as driver’s licenses, birth certificates and Social Security cards. The ease of creating authentic-looking counterfeit documents and obtaining confidential information has prompted consumer groups to call for stronger protection.

To show how privacy is at risk, the California-based Foundation for Taxpayer and Consumer Rights once offered to pay $26 each to obtain information about top White House and other administration officials. The not-for-profit group said it purchased Social Security numbers and other personal information for the head of the CIA, the Attorney General, the Labor Secretary, the FTC Commissioner and the president’s chief political adviser. (Information about the president was not for sale, the group added.)

For example, California and other states have adopted strict privacy-protection laws. In addition, privacy provisions form a part of the federal Health Insurance Portability and Accountability Act.

One reason these and other laws have been enacted: The exponential growth of identity theft using computers and the Internet. Another reason: Companies want to buy demographic information more easily and send customer files to data-mining companies that specialize in profiling. This lets businesses anticipate what particular customers might want to buy or do.

The laws differ in their nuances, but the main focus is to protect personal information and to restrict how you share the data – inside and outside of your company. In some cases, the laws allow companies to ask customers if they can share data. Others let businesses share information as long as customers are given the opportunity to opt out. In other words, if the customer doesn’t opt out, you can share the data.

With so many different laws, it’s hard to keep up. But with professional help, you can institute a policy for your firm that can help avoid violations of privacy. Here are five considerations:

1. Communications to customers should not disclose the names of other customers without their permission.

2. Messages containing private and confidential information should only be used on a need-to-know basis. They shouldn’t be broadly distributed, forwarded, or shared inside or outside the organization.

3. If you send or receive e-mail messages internationally, you must be aware of the laws governing confidentiality in the countries where the other e-mail systems are located.

4. When responding to customer inquiries, disclose the relevant employees’ names, titles, telephone numbers and business functions.

5. Forwarded e-mails should not be altered. Changes can invalidate the authenticity of the original messages.

While owners or managers can be very good about keeping data private, it’s important to restrict access to customer information so that line-level employees and others don’t mistakenly divulge data.

Final Note: Because of the complexity of the laws governing data sharing, companies need professional guidance.

© 2017