Rate this Content (5 Being the Best)
How to Protect Customer Data
By Theodore J. Kobus III
Recently, the Federal Trade Commission released its final report, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers.” This final report calls on Congress to enact general privacy, data security and breach notification, and data broker legislation in order to protect consumer privacy. While Congress works on drafting legislation, the FTC is calling on companies to self-regulate by adopting the “best practices” set forth in the FTC’s privacy framework. The FTC’s recommended “best practices” are: (1) privacy by design; (2) simplified choice; and (3) greater transparency.
The privacy framework applies only to commercial entities that collect non-sensitive data from more than 5,000 customers per year. Moreover, to the extent that the framework goes beyond current legal requirements, law enforcement is not to use these “best practices” as a template for actions or regulations under laws currently enforced by the FTC. However, it is expected that the principles of the privacy framework will appear in resolutions to FTC enforcement actions as requirements of consent orders. Therefore, as Congress uses these best practices to assist in drafting privacy legislation, and the FTC starts to incorporate them into its enforcement actions, companies must adopt them in order to best serve their customers.
Privacy by design: This element recommends that entities build in privacy at every stage of product development. Substantive protections include data security efforts such as encryption, reasonable collection limits, sound retention and disposal practices, and data accuracy. Policies and procedures should be designed that:
- Protect personal information from unauthorized access;
- Keep personal information up-to-date;
- Require that business partners with which information is shared exercise reasonable efforts to maintain the confidentiality of personal information about customers;
- Educate employees regarding privacy and best practices for protecting customer information;
- Protect personal information transmitted via websites during online transaction.
Simplified choice: A consumer should be offered a choice at the time, and in the context, that his or her data would be used. Affirmative consent should be obtained before data is used in a manner different than when collected. Consent should also be obtained when sensitive data is being collected for a certain purpose. Your clients should let their customers know that they can opt-out of having their information used for marketing purposes; and having their online behavior tracked by “cookies” or other technologies that deliver content specific to customer interest.
A consumer should be provided with reasonable access to company-maintained data. The extent of a consumer’s access should be proportionate to the sensitivity of the data and the nature of its use. In privacy policies, educate clients regarding how consumer information is collected and used, whether the information is personal identifiable information or is non-personal. Also, clients should provide consumers with contact information should they have any questions regarding their personal information.
Compliance with the above privacy framework will help your client’s business, and more importantly, help the customers they serve. Not only will their business be following best practices recommended by the FTC, your clients will appreciate that you are keeping them, and the security of their end-user’s information, a top priority.
Cutting grass for neighbors
My wife and kids
Kayaking and hiking
Key to Success:
The way that organizations treat privacy and information security is a part of the customer experience and all businesses should make addressing these issues a priority.
If You Could Have Lunch With Three People…:
My grandmother, Ronald Reagan, and any of the Supreme Court Justices
The Poisonwood Bible.
Favorite Vacation Spot: Kenya and Hawaii
Current rating: 0 (0 ratings)