Many small business owners routinely collect customer information such as physical and postal addresses, dates of birth, identity numbers, e-mail addresses, and telephone and cell phone numbers.
Depending on the nature of the business, customers’ medical histories, credit card and banking details, and personal tastes and interests may also be in the hands of small business owners.
This is a big responsibility and small business owners should not be lax in protecting their customers’ information.
Failure to do so could be seen as a breach of South African legislation such as the Protection of Personal Information Bill (when it comes into effect) and the Consumer Protection Act.
This would leave small business owners open to prosecution or other punitive measures (e.g. fines) as provided for in the applicable legislation.
Competitors who get hold of customer information can use what they learn to design tailored campaigns that encourage customers to shift their loyalties, or to tarnish the small business’s reputation by posing as the business in interactions with customers.
Fraudsters can commit identity theft, making life miserable for the customers they impersonate.
Permanent data losses due to human error or mechanical failure can cripple a small business, potentially even forcing it out of business if it is unable to regroup adequately.
Measures that small business owners can take include:
- Ensuring that all computers and servers that receive, process and store customer data are protected by anti-virus software to detect and neutralize viruses and spyware.
- Encrypting data and selecting robust passwords (this also applies to wireless networks).
- Restricting employee and supplier access to customer information to limit instances of deliberate or accidental leaks.
- Signing non-disclosure agreements with suppliers and business partners.
- Properly disposing of paper documents (e.g. by shredding) or storing them securely.
- Putting in place physical security measures to prevent the theft of computers and servers.
- Backing up data by saving it on a CD or DVD and keeping it at a separate location, or utilizing a cloud-based data backup system.
- Collecting and storing only necessary and essential customer information (e.g. online stores can use a payment processing gateway and do not need to keep credit card details).