Why Data Privacy is so Critical to the Customer Experience
As I was unsubscribing from a large number of junk emails today, I was thinking, it’s one thing to ‘unsubscribe’ and declutter the inbox, but over the last few years how many companies have I given my data to? How many companies ‘out in the ether’ would have details of my address, birthdate, email address, physical address even though they may no longer be sending me spam?
As we approach a new and exciting era of the tech-savvy consumer, retailers have access to more consumer data than ever. Being able to provide personalised customer experiences is pivotal to the retail experience, and customers are often willing to provide sensitive data. This customer data, whether in the form of loyalty cards, competition entries or purchase history, comes with the expectation that it will be treated with the utmost security. Think Vodafone – failure to adequately protect consumers’ privacy can tarnish your reputation, hinder the ability to build a trusting relationship with consumers, and attract hefty costs. Therefore, it is no longer an option to turn a blind eye when it comes to understanding and complying with privacy laws.
What is the relevant law?
In brief, if you are a retailer with an annual turnover that exceeds $3 million, you must comply with the Privacy Act 1988, the Australian Privacy Principles and the Notifiable Data Breach Scheme. The Privacy Act 1988 (Cth) (Privacy Act) is an Australian law which regulates the management, storing, access and correction of personal information about individuals. Additionally, if there is a data breach, then under the Notifiable Data Breach Scheme you may be required to notify the regulator of the breach regardless of annual turnover.
Retailers must ensure reasonable steps are taken to destroy or de-identify personal information when it is no longer needed and ensure that procedures are in place to store customer information securely. For example, storing customer information on a personal mobile device which does not provide encryption software and is not owned by the company may be deemed inadequate to protect clients’ personal information from theft and misuse. If a procedure is not in place instructing staff how to manage customer data, employees may be left to guess what is appropriate and what is not, which can lead to unintended privacy breaches.
What do I do in the event of a data breach?
Under the Notifiable Data Breach Scheme, any entity that believes it has been subjected to an ‘eligible data breach’ will be required to self-report to the Office of the Australian Information Commissioner (OAIC). These breaches can result in a civil penalty, particularly where breaches are considered serious and repeated.
Are Legal Operations the answer?
Good leaders require good advisors, particularly when retailers dabble in a wide variety of matters and thereby leave themselves with blind spots – a common oversight is in relation to maintaining customer privacy. Retailers need to be aware of what they ‘don’t know’ and engage the right experts at the right time.
To address some of the growing legal complexities affecting retail, many retailers are utilising Legal Operations to function as a safety net to minimise risk and prevent avoidable and costly delays in their business objectives. Particularly with the complexities of privacy obligations for retailers, Legal Operations can help retailers to avoid penalties through diligent review of privacy and legal obligations, establishing procedures and protocols, and acting promptly in the event of a data breach.
Peace of mind
As a manager, owner or person responsible at a busy retailer, having the right policies and procedures in place can provide peace of mind to you and your customers. Your customers can feel comfortable handing over their data with the knowledge that you take privacy seriously and that your employees will not inadvertently breach the law. You can breathe a sigh of relief knowing that you have done all you can to minimise a breach, so that if one happens your liability is mitigated, and that by talking about privacy and acting on it, with great policies and education in place, the actual risk of a breach is also minimised.