How to Protect Your Clients' Personal Information on the Web

Organizations have become obsessed with collecting and analyzing customer data and have consequently discovered the importance of keeping this information secure. So what should a small business do to avoid mismanaging this data? Understanding how information is gathered will provide ideas for preventive measures.

A business’s responsibility to its customers has grown from maintaining accurate records to preventing breaches that can damage a company’s reputation as well as customers's finances and credit. The cost of such breaches can be staggering, affecting businesses small and large. For example, Sony’s recent data breach of its PlayStation network is estimated to have cost the company $170 million.

Developing the right processes that identify how customer data gets exposed will not only reveal how to improve your business but will show that you care about your customers’ personal information.

Web analytics solutions for small businesses avoid most data breach concerns when used in isolation, but they can create data integrity challenges when integrated with other data sources and processes. With a few precautions your effort to be responsible with clients’ personal information will ease the fears of the people who matter the most to your business: your customers.

Web analytics solutions use “cookies” to calculate activity on your website such as the number of unique visitors and the average time they spend on the site. Cookies can benefit both online consumers and marketers. Information from cookies allows marketers to better understand customer preferences and develop more appealing messages that convey a brand and better target audiences. Cookies aid consumers by storing user preferences when they return to a favorite site. Cookies do not automatically track personal identifiable information, such as Social Security numbers, driver’s license numbers, full names, or even IP addresses. But a combination of third-party cookies with other databases containing personal information can permit thieves to correctly guess a user’s private data. Thus, a web analytics program installed for a benevolent purpose can lead to unintended exposure when it is combined with other data that is not protected.

The best precautions start with assessing where data exposure could occur:

• Only gather essential information: When information is requested on a contact or sign-up page, examine how essential it is to ask for addresses and personal information upfront. Decide what would qualify a customer, and ask only for that specific information. Also, be thoughtful about allowing visitors to opt out of information tracking. Although a low percentage of online users exercises the option, making it available to them is a reminder that you care about customer preferences. Firefox, Chrome, and Internet Explorer browsers contain a feature to opt out of information tracking.
• Audit data usage: You should audit your organization’s system for analyzing data. Analytics is inherently dynamic; analysis once valuable can become ineffective over time, so an audit can reveal operational changes that can improve metrics as well as integrity. Ensure that security passwords are updated when personnel are no longer permitted access.
• Share your data policy with clients: You have technology and processes to ensure security, but it is your policy that establishes how collected data is used. Let your customers and clients know you have a policy in place so they understand how their information is protected.
• Stay informed on privacy legislation: Following the news keeps you informed of the impact legislation can have on your operations. For example, the Web Analytics Association monitors legislation regarding the legal interpretation of acceptable tracking solutions and could significantly impact digital agencies and corporate marketing departments alike. To be proactive, the association created a Web Analytics Code of Ethics, which is a pact voluntarily signed by Web analysts to support behavior and practices that protect data within a business.