If you work for a small business or own a small business, odds are that you are a jack-of-all-trades. A little bit accountant, a little bit salesperson, a little bit marketer. You do it all and can take whatever comes your way. With so much information flying at you, it is sometimes easy to miss the things you don’t know you need to know – like privacy regulations. We all see in the news massive data breaches from giant corporations and are disappointed by their lack of containment. We have the expectation that our information is safe with them – but what about small businesses? What privacy regulations are small businesses actually on the hook for?
Personal Information
With Big Data sweeping through each and every industry, there is more personal information flowing through cyberspace than ever before. Among the most sensitive items are Social Security numbers, personal details such as birth dates, and contact information. While there are few rules regulating how you store and protect this information, there are laws that require you to provide information that helps resolve identity theft if you are the one responsible for the stolen data – for both your customers and your employees. Meeting that obligation can cost you money, but more importantly it will cost you time and customers.
Credit Card Data
The Payment Card Industry (PCI) Security Standards Council has also set standards that all eCommerce sites are expected to follow regarding how credit card information is captured, stored, and disposed of. These standards are meant to ensure that the page where your customer enters card details is secure and that you have safeguards in place against intrusion and data theft.
Cold Calls and Telemarketing
Sometimes, the tried-and-true marketing techniques are what works for your company, and for some businesses that means cold calling or telemarketing. There are quite a few laws protecting the privacy of customers over the telephone, though, so be careful before launching a campaign. There are calling-hour restrictions as well as the National Do Not Call List, which prohibits calling certain numbers. Most forms of “robocalling” are also prohibited, so be careful about using automated dialing devices.
Financial and Healthcare Information
Luckily, unless you are a bank or hospital, you probably don’t need to worry about most laws regulating privacy in the healthcare and financial industries. You do, however, need to provide a certain amount of privacy for any employees you offer healthcare to. The Health Insurance Portability and Accountability Act (HIPAA) governs most of the rules regarding how you store, share, and dispose of this information. In these situations it is always best to play it safe. Make sure your employee information is secure, and before you share it with anyone, check the HIPAA regulations.
More important than the regulations governing personal information is the expectation of your customers. Just about every customer you have will expect that you are properly caring for their information, and if there is even a hint of mistrust, your customers will head to your competitors. For this reason, it is standard for companies to publish a privacy policy that they are expected to stick to. The more visible your privacy policy is on your site, the more willing your customers will be to entrust you with their information.
As more and more data moves onto the internet, it is important to play it safe when you’re handling customer and employee information. Regulations can be slow to catch up with new innovations, but that doesn’t mean you’re not on the hook for keeping your customer and employee information private. Consumers have high expectations for how their information is handled, so don’t take advantage of their initial trust. When it comes to privacy practices, you will catch more customers with honey than with vinegar.