Over the past few years, privacy has been a pretty hot topic around the world, particularly in Europe and the US. Consumer privacy, or customer privacy, is the handling and protection of your visitors’ personal information collected through forms, newsletters, and online transactions. With the growing concerns over the past few years, and with even more online shopping being done because of COVID, consumers have a right to be worried about their privacy. However, in the EU and US, all kinds of new regulations are showing up, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Privacy Shield, and the Children’s Online Privacy Protection Act (COPPA).
Should your website have a privacy policy?
Privacy policies are currently not required by federal law; however, creating a privacy policy for your website shows your customers that your company is being ethical, responsible, and transparent about their user data. So do you need to have a privacy policy? No. But should you have a privacy policy? Absolutely, yes, and your website should make it clear and easy to understand.
Why should you and your company care about customer data privacy?
The great thing about choosing to provide a privacy policy is that it can help you avoid potential lawsuits and fines. This sounds great, but as the owner of a website, you might be thinking, “How often will it happen to my site?” or “That sounds scary, but really, I have other essential duties than having to worry about protecting our users from attacks.” But think of yourself as a consumer and not a business owner for a second. Would you want to shop on a site that doesn’t worry about your privacy, dignity, and safety? Chances are you probably just cringed at your response.
We need to respect our visitors’ data, as more and more internet users have had their private information stolen and have experienced security issues because of it. Visitors want control over their information, and when it is misused or inadequately protected, there’s a chance it can result in financial fraud or identity theft.
So why is consumer privacy so important now and not years ago?
Over the past few years, data has become one of the world’s most valuable resources. Different data tools have fueled how companies do business. For example, various analytics programs, surveys, third-party tracking, email tracking, and cookies in Google Ads or the Facebook Pixel are the data tools that allow companies to collect data. As a result, almost all interactions with companies willing to use these tools result in consumer data collection.
More data leads to improved online tracking, giving companies tremendous economic power and a leg up on the competition when targeting their markets. Because of this and the current minimal online regulations, it is more likely now than ever that consumer information and sensitive information can fall into the wrong hands and be stolen or misused.
Are there laws in place currently to protect consumers’ privacy?
Currently, the GDPR (General Data Protection Regulation) in Europe is the strictest set of data security regulations. Even though it’s based in Europe, understanding how the GDPR can be applied to your website’s privacy policy can help protect your customers’ data. As regulations change in the US, it is better to prepare your site using existing security protocols.
The GDPR unifies user data laws across the EU and helps protect European citizens, as it applies to organizations located both in and outside Europe. This makes the GDPR unique: if you collect personal data from someone in a European country, you are required to follow the GDPR rules, whether your company is located in Europe or in any other country.
The closest law the US has to the GDPR is the CCPA (California Consumer Privacy Act), which went into effect this year on July 1st, 2020. The CCPA is a law that allows any California consumer to demand to see all the information a company has saved on them, and a full list of the third parties that data is shared with. This law gives the power back to the consumer and allows consumers to sue companies if the privacy guidelines are violated. The CCPA is different in that it only applies to California and not the entire US. It’s also different in who it applies to:
- Businesses that make more than $25 million a year
- Businesses that acquire consumer or household information on 50,000 or more California residences
- Businesses that make more than 50% of their yearly revenue from California consumers’ information
Ultimately, the hope is that the rest of the country will follow, eventually leading to new laws across the United States protecting consumers.
What are some tips for companies to improve their websites’ consumer privacy?
1. Limit the Data You’re Collecting
Ask your visitors only for information needed around the services and products you offer. Site visitors can become annoyed or bounce off your website if they’re being asked to give extra information that doesn’t relate to what they’re currently viewing on your website.
2. Protect the Data You’re Collecting
Make sure you have the proper security measures in place to protect the information you’re collecting. Who has access to the data? Are there security measures in place around the company’s databases, servers, and websites? Talk to your developer and IT teams to find out. Some suggestions include using encryption when storing or sending essential customer data and addressing your firewalls.
3. Have a Great Authentication Process
As the website or company owner, require any employees who have access to consumer data to create complex passwords that bots and hackers have trouble breaking. Many platforms like WordPress offer suggestions for complex passwords – use them and change them frequently!
4. Understand What Hackers are After
What’s the value of the information you’re collecting, and how could hackers steal it? Knowing what it can be used for can help you decide what security measures need to be put in place and how advanced they need to be. Thinking you’re a small business and hackers or bots won’t come after you could leave your business significantly more vulnerable to attacks. An attack could lose your business tens of thousands of dollars, which is a lot more costly to a small business than to a large company. So, don’t neglect threats.
5. Provide a Privacy Policy
Provide a clear and easy-to-read privacy policy for site visitors to understand your data collection and your company’s business practices. Your privacy policy helps to serve as a legal agreement that protects the business.
6. Keep Your Site Up-to-Date
Don’t skimp; invest in current plugins and security software. Many older and out-of-date programs are easier for hackers to break into. Look for plugin updates and security settings that can help strengthen your website.
What are some privacy attributes that your website should offer to visitors?
- reCAPTCHA on form submissions
- Hypertext Transfer Protocol Secure (HTTPS) with an SSL certificate added to the site for visitor protection
- Passwords for account creation on ecommerce sites
- Digital signatures
- Opt-out capabilities for accounts tied to bank accounts, credit cards, and other utilities
Companies of any size can use the protection tips and information provided above when collecting consumer data. The moral of the story here is don’t think you’re too small to be found by hackers or that updating your consumer privacy needs can be neglected. Future consumer regulations are right around the corner in the United States, and staying current can save your company time, energy, and future headaches.
If you have any questions or are looking for help with your website, contact Evolve Systems for more information or call us at 651-628-4000.