5 Ways to Show Your Customers You Respect Their Data

There are a lot of ways to get on your customers’ good side. Illicitly sharing their data is not one of them.

Nowadays, companies have to do more than ever to make sure they’re on the right side of that data privacy line. Before, you had to try to divulge sensitive information; now, you have to try not to. But try we must if we are to stay compliant, protect our corporate interests, and show clients we’re a safe place for them to do business.

Here are five ways to show your customers you respect their data.

1. Bulletproof your privacy policy page.

   Customers (and potential customers) want to have some assurance these days. With so much racket in the media about yet another data breach. The average consumer is a lot more data-savvy than they used to be. Don’t be surprised if they shop your privacy policy when picking a new vendor. If they don’t like what they see, they won’t buy. They understand that without proper data protection, their investment could actually translate into a giant liability, giving baddies access to the corporate network at large and costing them more than they came in with. A good rundown should tell the customer:

   1. What data do you collect?
   2. Why did you collect it?
   3. How do you protect that data?
   4. What steps they can expect from you in the event of a data breach

2. Only take what’s necessary.

   The underlying win to you displaying your privacy policy is that you can show how little you take. If the case is otherwise, you may consider reconsidering. The “big bad” of data accumulation is that people think you’re taking more data than you need for business and selling the extra to marketing companies. Again, if this is you, perhaps rethink your strategy (becoming the next Cambridge Analytica would not be very unpopular right now). So, what are allowed to collect (and still be the good guy)? Metadata. Anonymous stats (like intent data) without linking them to individual people. Also, always provide a way for customers to opt out of certain data collection practices. It’s their right, and that leads to the greater issue of compliance.

3. Brag about your compliance.

   Consider this a very boring “humble brag” that will earn you a lot of points. And more than that – customers need to know. Vendors and partners really need to know, but that’s a blog for another day. The time is now for the age of customer privacy protection (just look at the trending increase in government policies). People want to know they’re getting what they’re entitled to. Personal information rights are an embodiment of human rights, as it encompasses free speech, and privacy, and protects the expression of other human rights as stated, for example, in the US Constitution; “life, liberty, and the security of his person.” All that to say that the time to fall behind on staying compliant with present and emerging data rights policies is not now. Dedicate a team to this. Put your marketing department to the task of advertising how your personal information collection policies are above board. Make this a central feature of how you do business; your customers are.

4. Don’t share their information with ChatGPT.

   This goes for all generative AI; Bard, Bing AI, Sparrow, YouChat, ChatGPT, Chatsonic…the list is sure to go on. But the point is the same; Sharing data (any personal information) with these chatbots means that whatever is divulged is now public domain. In other words, if you share a list of customer email addresses with ChatGPT for easier lookup later, someone asking the right questions somewhere else in the world could equally access the same list. Cybersecurity firm Cyberhaven expounds: “Because the underlying models driving chatbots like ChatGPT grow by incorporating more information into their dataset, there is a real risk of sensitive data provided to ChatGPT becoming queryable or unintentionally exposed to other users.” They explained that per their own research, companies adopting the generative AI model triggered thousands of personal information egress instances weekly, leaking everything from source code to client personal information. Their advice? “Put into place controls…which [monitor] for data being sent to domains for services like ChatGPT, regardless of what endpoint they use, and can enforce policies that block the sharing of sensitive data.”

5. Make privacy your culture.

   Look at Google. Look at Apple. While we won’t get into the bigger (perhaps ironic) discussion of how they use your data at large, we will say that they have a public-facing data privacy front. Google has a password manager so you can make secure credentials that can’t get hacked by bad guys. Apple offers you data privacy at every turn so other companies (operative word other?) can’t get unwarranted access to your data. And so on. Train your people in data security practices. Invest in security awareness training – the Gartner Digital Markets Survey notes that it will go miles with your software buyers – and make sure your employee base is up on all the current privacy practices, policies, and compliance requirements. This requires top-down leadership and often departmental changes in processes and everyday modus operandum. When the rubber hits the road, they are going to be the ones to make sure all customer-facing data protections actually get carried out, so spend the time investing in best practices and making sure they know how to implement them.

Protecting consumer data is the right fight. Companies that engage now will earn trust with a customer base that is increasingly making data privacy a higher business priority than ever.

Author Bio

An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation, and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire, and many other sites.