Your customers depend on you to protect their personal information, but the reality is that protecting your customers’ privacy isn’t totally within your control.
The U.S. Patriot Act allows the government to collect your customers’ data if it claims the data mining is to prevent terrorism.
"Private enterprises are being put in the very difficult position of trying to respond to governmental demands while also honoring promises made to customers and clients," explains Jacqueline Klosek in her book "The War On Privacy."
You might not have full control, but there are measures you can take to inform your customers of your commitment to protect their personal data, and to follow through on that commitment. Klosek offers these tips:
Conduct an internal audit. You need to understand your privacy policies before you can inform your customers about them, suggests Klosek. This information includes understanding what kind of data you collect, how you use that data, who you share that data with and how you protect that data.
Be prepared for the worst. "Anticipate the fact that your company could face a government subpoena demanding your clients’ personal information records," warns Klosek. Draft your policies so you prepare your customers for this unfortunate possibility as well.
Conduct due diligence when outsourcing. "Examine the third-party service provider’s experience with privacy and data security," advises Klosek. You’ll want to know what they do with customer data before you hand over your customers’ personal information.