However, trust is a fragile commodity, and once broken it can seldom, if ever, be regained. Consequently, not only should you ascertain the proper use of customer information, but also ensure that all perceptions related to this issue are handled correctly.
An organization's actions rather than words are a better reflection of its real intent. Most customers are intelligent enough to distinguish between politically correct lip service and sincere action. To sustain a customer's trust, a company must support its policy with concrete action. Over time, a company must embed privacy in its business processes, and establish roles and responsibilities to ensure compliance. Remember, to a customer, this is an issue that showcases the company's beliefs and core values.
One must be aware of the legal implications of abusing a consumer's privacy. Since the Freedom of Information Act of 1970, there have been many laws passed by Congress to protect the privacy of individuals, including:
Fair Credit Reporting Act, 1970
Privacy Act, 1974
Right to Financial Privacy Act, 1978
Health Insurance Portability and Accountability Act, 1996
Federal Internet Privacy Protection Act, 1997
Communications Privacy and Consumer Empowerment Act, 1997
Data Privacy Act, 1997
Children's Online Privacy Protection Act, 1998
Financial Services Modernization Act, 1999
Privacy Guidelines For Companies
In light of these laws, every company must take steps to ensure the privacy of visitors to its Web site. Here are some things a company can do to ensure both compliance with the law and maintaining the trust of its customers.
Request only information that is absolutely necessary. For example, using Social Security numbers as a customer identifier is not a good idea.
Protect information at all times. Do you have security strategy, processes and infrastructure in place to prevent the theft of customer information?
Disseminate collected information carefully. Is the information treated on a strictly need to know basis even among company employees? Is this information sold or shared with external entities?
Ensure accuracy of information. Is the information correct and consistent across sources and data stores?
Update information regularly. Are there processes in place to periodically verify information?
Clearly establish and communicate the ownership of information. This is a gray area and must be handled with care.
Clearly establish and communicate the ownership intellectual property rights.
Provide customers with access to information about themselves at no charge.
Clearly establish and communicate the means of information access. However, ensure that privacy is not compromised when using one of these means.
Provide means of updating/changing information.
Provide mechanisms to challenge potentially damaging information.
Provide equitable means of conflict resolution.
Clearly notify consumers of policies and practices as they relate to privacy of personal information.
Periodically review and update these policies.
Clearly obtain consumer's consent prior to disseminating information about them.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.