Data protection

Most of us are concerned about the protection of our data and some of us go to great lengths to keep it safe. All kinds of storage options are being explored and backups are being made at regular intervals to ensure we are not left high and dry when disaster strikes. And disaster might strike at any time with computer failures, network interruptions or – worse yet – hacker attacks or ransomware on the horizon at any given time.

However, this is not the only kind of data protection we need to worry about: have you ever given any thought to how you deal with and secure your customers’ information?

Think about it: we keep a lot of data about our customers that might be valuable to not just relatively harmless email address collectors for slightly annoying direct marketing schemes, but we also keep the kind of information that hackers are looking for in order to make life extremely difficult, if not unravel it completely, should that information fall into the wrong hands.

Let’s take a look under the hood: of course you’ll need customer related data to do your work: email addresses and phone numbers are the bread and butter of any kind of online dealings with customers, and if you write any invoices you’ll need a lot of additional information, including physical addresses, bank details, customer identification numbers, etc. And obviously, the invoices also point towards investments, refurbishments and all kinds of personal details about the customer and his or her particular circumstances. Imagine someone getting the details about a customer having a security system installed with details about one room being more secure than the rest of the house. Yes: it may put some people off, but it also tells us something about the need to secure a place that holds something valuable, doesn’t it?

As with so many other things, we are collectors, and while there might be a need to establish that information to get the job done, we not only need to ensure that the information is secure, but there is an obligation (and usefulness) to making sure that the data is regularly reviewed and purged of what is no longer necessary. Why keep a lot of data pertaining to inactive customers where it’s readily available? There are ways to keep that data stored offline, or otherwise out of harm’s way. The only thing you need to ensure is that it is secure, and can be found when necessary.

This being said, have you ever considered that your customer information might not need to be accessible to everyone in your company, that there could be room for a system that only gives access to sensitive data to those who actually need to work with it? If you have employees, do all of them have the same level of trust? Do you give access to all your data to newly employed people or do they need to gain your full trust before that happens?

It might be useful and necessary to assign one of your employees as a data steward, even if the data cleansing process is a small job right now. Besides the actual work, there is good reason to stay on top of not just what you think is necessary and useful, but also what you are legally obliged to do. Keeping with the times (and the law) is one of those luxuries you cannot afford NOT to have. If you are not aware of your legal obligations or want to catch up on the latest requirements, have a look at the website of the Information Commissioner’s Office’s website at https://ico.org.uk/  and especially at the training videos here: https://ico.org.uk/for-organisations/improve-your-practices/training-videos/.

These are important matters to consider. You are under legal obligation to make sure the data is secure and the instructions here will help you ascertain not only if you have the necessary systems in place, but also if the nature of your business and how you handle which kind of data actually requires you to register a notification under the Data Protection Act! Failure to do so might have repercussions for you.

Data protection is something that doesn’t just happen at the office. Think about losing your phone! Since most of us in business use our phones as secondary (if not primary) access to our data, and we synchronise almost everything across devices, losing your phone is equal to giving access to all that information to whomever is able to unlock it.

So far, we have only looked at electronic data. Consider the ease with which data can be copied onto a USB key or an external drive and how small those things could be, how difficult to detect on the way out. And that is without thinking about the chance piece of paper or complete binders that an employee with the wrong ideas could simply carry home with them. There are a lot of ways for the resourceful to gain access to your - and your customers' - data.

The point is, we have an obligation to ensure our customers’ data is secure, for our own good AND our customers’. Take the necessary action now.