A Seven-Step Guide to Protecting Customer Privacy By following these tips, small businesses can create a privacy plan that boosts customer trust -- and sales.

By Riva Richmond

Opinions expressed by Entrepreneur contributors are their own.

Protecting Customer PrivacyThink protecting customer privacy is only an issue for business giants like Facebook and Sony? Think again.

Many small companies have lost customer trust or even been sued over privacy mishaps in recent years. And they're likely to face more problems as digital data files grow in size and importance to modern business.

You are legally, if not morally, obligated to treat your customers' private personal data respectfully and fairly. But protecting customer privacy need not be a drain on your company. Done wisely, it can create customer goodwill and even lift sales, while reducing business and legal risks.

Such a strategy involves more than securing a network from hackers and posting a boilerplate privacy policy. Here are seven steps that can help you build a comprehensive and effective privacy plan:

1. Conduct a data privacy audit.
Step one is to understand what data your business needs, what data it's collecting and how data is being stored and secured. Consider also your legal obligations if you handle medical, financial or minors' data.

Businesses sometimes collect more data than they realize because they've used third-party software code that does so automatically or because a partner, such as an advertising network or analytics company, is pulling data.

Related: Three Tips for Using Public Wi-Fi Safely

Lack of attention to this data collection is what often sparks a crisis, says Jules Polonetsky, director of the Future of Privacy Forum, a Washington, D.C., think tank. But you can avoid trouble by making sure someone in your organization is responsible for data privacy, be it a full-fledged chief privacy officer or simply the marketing director.

"No one ends up knowing what is collected and kept from beginning to end unless someone is in charge of that," Polonetsky says. "Someone needs to be accountable."

2. Minimize data collection and retention.
What you don't have can't hurt you. Privacy advocates recommend that companies collect and store only data they need to deliver their product or service. Sometimes businesses gather extra information because they think they might want it in the future. But doing so increases risk. Data can be lost or stolen by hackers, and customers can mutiny if they feel you're asking unnecessarily intrusive questions.

3. Secure the data you keep.
Even if you don't take credit card numbers, other personal data you keep could be valuable to identity fraudsters. It's embarrassing, not to mention costly and damaging, to tell customers their personal information has been compromised in a hack. And such disclosure is often legally required. So be sure you have secured your network, databases and website.

Related: What to Do If Your Business Gets Hacked

4. Post a privacy policy.
Commercial website owners are required by law to post a privacy policy. And most app platforms also require one if your app transmits data. It isn't enough to cut and paste a boilerplate policy. Regulators consider privacy policies legally binding agreements between you and your customers. You should describe your current business practices fully and accurately.

Fortunately, there are online tools that can help you create a privacy policy. PrivacyChoice, for instance, offers a free online tool called Policymaker to help develop policies for mobile apps and websites, as well as consulting services for a fee. Another option is TRUSTe's Privacy Policy Generator, and packages of related services ($499 and $995 a year).

5. Communicate with customers.
A privacy policy is a legal document that customers rarely read. But they do expect simple and clear descriptions of company data practices at key moments, such as when they're asked to provide data and when you add new features to a product or service or make policy changes.

Privacy advocates and industry groups such as the Online Trust Alliance recommend direct and upfront communication with customers about data you collect and your plans for using it. That's especially important for small companies without recognized brands that people know and trust. Most consumers will happily supply personal data necessary for a service they want. For instance, Amazon.com keeps purchase data and uses it to deliver product recommendations that millions of customers embrace.

Related: What Technologies Banks Should Be Using to Keep Your Money Safe

6. Give consumers a choice.
Recent research suggests customers expect settings and features that let them choose whether to share data, not sweet words about your respect for their privacy, Polonetsky says. They want to see signs that businesses are "serving" them, not "selling" them.

7. Provide a forum for complaints.
Give customers an online form or email address for communicating their privacy problems or concerns. And be sure to respond to their messages. Such two-way communication can help build trust and loyalty -- and help avoid potential privacy crises.

"Don't think you're too small to be noticed in this world of savvy critics," Polonetsky says. "One aggrieved customer on Twitter … can send the most minor complaint viral."

Wavy Line

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.

Editor's Pick

A Leader's Most Powerful Tool Is Executive Capital. Here's What It Is — and How to Earn It.
Lock
One Man's Casual Side Hustle Became an International Phenomenon — And It's on Track to See $15 Million in Revenue This Year
Lock
3 Reasons to Keep Posting on LinkedIn, Even If Nobody Is Engaging With You
Why a Strong Chief Financial Officer Is Crucial for Your Franchise — and What to Look for When Hiring One

Related Topics

Starting a Business

5 Tips For Launching a Business While Keeping Your Day Job

Launching a business while holding down a 9-to-5 is no small feat. It's a common path for aspiring entrepreneurs, but it's not without its challenges.

Side Hustle

A Simple Household Chore Turned Into a Side Hustle — Now She Earns Up to $24,000 Per Month

Christian Sanya, 44, was working as a medical laboratory technologist in 2019 when she discovered a side gig that would change her life.

Business News

The Virgin Islands Want to Serve Elon Musk a Subpoena, But They Can't Find Him

Government officials would like to talk to Tesla's owner as part of an investigation into the Jeffrey Epstein case.

Business News

Florida Burger King to Pay $8 Million to Customer Who Slipped and Fell in Restaurant Bathroom

The case marks one of the largest slip-and-fall verdicts in Florida's history.

Leadership

Why Time Management Doesn't Work — And How My Team Doubled Their Productivity Once I Started Doing This Instead

Time management is killing your productivity – here's why and what you need to do to increase your productivity instead.