“Privacy is not just a compliance issue for the legal department. It should be a priority for everyone. You have to translate privacy into a customer issue because this is really becoming the holy grail of doing business for everyone in an on-line world”. – Larry Ponemon
The quote is apt: it explains why maintaining customer privacy is part of great customer service, and why it is the responsibility of everyone in an organization. A lot of business has moved to digital methods and online sharing of information and data. An increasing number of companies are in the e-commerce space, and even the brick and mortar ones have an online presence, because that is what customers want. Almost all information about people is online today: bank details, tax filings, education, business details, personal information, and other such confidential data. Customers provide a lot of this private information to companies in order to engage in business, and it is the sacred duty of companies to show concern and maintain the privacy of this information. Companies that neglect this crucial duty leave themselves vulnerable to loss of customer faith and loyalty, and to vicious litigation, which would ultimately ruin the reputation of the company.
Maintaining customer privacy is becoming a major concern for every company, irrespective of size and industry. No one is safe from ‘phishers’ and those who intentionally violate the integrity of confidential data. Internet security companies have raised the issue of data privacy several times, and those involved in creating technology for phone services have also expressed concern over blatant violations and irresponsibility on the part of companies. While companies must have their internal privacy rules and guidelines, everyone in the organization must also be aware of and abide by the existing rules and laws set out by the governing bodies. Companies that fail to comply or fail at maintaining customer privacy are liable to face criminal and civil consequences. In addition, privacy breaches invite lawsuits from the ‘violated’ customers. It is therefore in a company’s best interest to provide top quality service that includes keeping customers’ confidential and private information safe.
In order to serve customers well and include personalization and customization, companies need to collect and collate relevant information from their customers. However, customers have the right to expect that their information will be treated with respect and that the company will ensure that their data and privacy are never violated or abused. Every company must therefore have stringent rules and strict policies for acquiring, storing, using, and sharing information. Each person working within the company must understand and sign a confidentiality agreement that makes them responsible for protecting customer privacy and liable to penal action if they abuse or violate it.
In the interest of maintaining customer privacy, everyone in the company, and especially those who handle customer information, must know the process and policies for handling such sensitive data. Companies must conduct regular training to ensure that everyone remains aware of new laws and understands the consequences of negligence and abuse. Employees must comply in order to mitigate risks and customer ire, which could lead to the downfall of the company. There is always the very real fear of human error, which is why companies must consistently practice caution and constantly evaluate their security systems and procedures. Several companies ask their employees to sign declarations of privacy and a declaration for the handling of customers’ personal information, to ensure that there is shared responsibility and no one can claim ignorance if things do go awry. Customers too must be provided with the policies and procedures that a company has in place for maintaining customer privacy. This enables customers to recognize any breaches, which they can then bring to the notice of the company.
As mentioned, maintaining customer privacy is the responsibility of each person in a company, and there must be at least one person from the senior leadership with overall accountability for this highly sensitive job. Putting together a team to ensure compliance works well. It would be the job of this team to ensure that everyone remains compliant and handles sensitive data responsibly, to manage complaints and inquiries with regard to the company’s privacy policies, and to carry out other such responsibilities. This would be true for any company, irrespective of size. While the team may be responsible for ensuring compliance, maintaining customer privacy is everyone’s responsibility and duty.
Companies tend to go overboard while collecting personal information of customers, in a bid to increase business and widen their customer base. However, in the interest of maintaining customer privacy, it is essential that they collect only as much information as they need immediately, and not because it ‘might be required in the future’. The more information a company collects, the harder it becomes to manage it and maintain its sanctity. Customers and prospects must have the leeway to interact with a company without divulging personal information and data until they want to and feel comfortable with sharing.
Another aspect of maintaining customer privacy is using and disclosing information only for the purpose for which the company collected it. In the event that the company needs to use the information or disclose data, it can do so only with the express approval and consent of the customer. The disclosure of information should be within the guidelines and should not cause any inconvenience or misuse of the data. Companies must try, at the outset, to run their businesses without using or disclosing customers’ personal information, and utilize the information only when and as much as is necessary. Extreme caution and care must be exercised when handling sensitive information, since any kind of misuse or leaked information can easily become the basis of serious litigation, public ire, and the loss of a large number of customers. Many companies have had to shut shop owing to negligence in maintaining customer privacy, and have ended up with litigation and debt.
Even within the company, personal information and customer data should be used and accessed only when necessary, and there must be strict controls to ensure that only authorized personnel are able to access the information. By limiting the number of people with access and authority to such information, a company would be better placed to maintain customer privacy. While guidelines state that a company must maintain customer records for a stipulated period, some companies forget to purge old records, leading to misuse. Records of customers no longer with the company, or old records of current customers, must be destroyed in accordance with the Privacy Act and the company’s policies around destruction of information. This would keep everyone safe, and would prevent old and neglected records from being manipulated or misused in any manner.
Maintaining customer privacy should be part of a company’s strategy, and must never be left to chance. If a company does not have a stringent privacy policy in place, it must put one in place immediately and inform both employees and customers of their responsibilities and duties in that regard. A sound policy for maintaining customer privacy will prove to be your company’s armor against malefactors and miscreants, keep your company safe from dishonor and litigation, and allow customers to trust your company over other players.