Protecting your business at every turn.
The immense value of data privacy and how to protect it
By ATB Financial, 22 January 2021
Many people and business owners are unaware of how their personal data can be used if it gets into the wrong hands. For those who are uninformed, protecting personal data is not a priority.
For business owners, it's important to stop and think about how your organization collects, stores, manages, uses or re-uses personal or financial customer data. And for consumers, you should understand how your personal data may be exposed and how to mitigate your risks.
Data management tips for businesses
Gaining customer trust is key to a long-lasting business-consumer relationship. If a customer trusts your organization with their data, it is important you hold your organization accountable to the right standards to protect it. Get together with the right stakeholders in your organization and ask the following questions to understand if and how data privacy is prioritized within your business:
Why is data privacy important to the organization and our customers? Should we be worried about how we manage customer data?
Regardless of the size of your business, understanding data privacy is crucial. Customers trust you with their data and everyone values their privacy. People are more likely to repurchase from businesses they trust. If a customer discovers a breach of credentials through a company, it is natural that their trust and business will both be lost.
How can I protect the privacy of my customers?
Collect only what you need. The more data you collect, the more you’ll need to protect. In the event of a data breach, the only data impacted will be what you absolutely had to collect from your customer.
Make data inaccessible to employees who don’t need it. Ensure that all customer data collected can only be accessed by employees who need it to execute their job duties.
Examine your risks as an organization. Risks are never mitigated using a one-size-fits-all method. Your security needs as an organization will vary depending on your operation and technical capabilities. Ensure that financial and privacy risks are identified within your organization, then assess the risks and prioritize them. Get help from risk management experts to reduce overall risk exposure.
Be transparent. Share how your organization collects and uses customer data through your website. This should be in an accessible location for the general public to review. Within these details, be clear about what data privacy means to your organization, and how important it is for you to protect your customer data. Advise customers on how their data is stored, managed, and used within your organization. It’s also advisable to share the most common methods of communication between your organization and your customers. This allows customers to be aware of what to expect, so that they do not fall for phishing emails or spoofed websites impersonating your business.
How do I foster a culture of data privacy within my organization?
Educate staff members on their responsibilities and roles as they pertain to data privacy. Include it in onboarding and ongoing training throughout the organization, regardless of position. Each staff member should know and understand the threats and risks associated with data management. This will help them when it comes to a real-life situation. Adopting a privacy framework to help you manage risk within your business is also a good first step, followed by sharing it with the organization to increase the level of awareness across the board.
Data management for consumers
As an individual, it is important to take control of your data. Understanding the risks can help you mitigate them and reduce your exposure to data breaches. Here are some important steps to protect your personal data:
Take control of your online presence. Ensure that you understand the different privacy settings that you use. Review the data settings for each application you use to understand what information is being collected and how it is being stored, managed, and used. Review data policies before making purchases online. Most businesses will have their privacy policies published on their websites for easy access.
Go beyond passwords. Using security measures beyond usernames and passwords will help protect your accounts and personal data. Wherever possible, use biometric authentication, one-time passcodes, two-factor authentication and similar security features.
Protect your personal information like you protect your money. Both are equally valuable. This includes not only your online credentials but also your purchase history, your location, occupation, birth date, spending habits, vacations and more. Be aware of who has access to this information, and limit the personal details you share online. Review and adjust permissions on applications that you use, and delete those you don’t.
Update your devices and keep them clean. Make sure all of your devices are updated with the latest software so that any vulnerabilities are addressed. Have a strong antivirus program installed on your devices and ensure that routine device scans are completed to make sure there are no infections or malware exposing your data.
Educate yourself. Stay on top of the latest threats and fraud trends in order to best protect yourself and your personal data. Understand how applications are collecting your data, and adjust their settings according to your comfort.
Whether you are a business owner collecting, using, and managing customer information, or an individual trying to understand online best practices, personal information and data are just as valuable and important as money, and they need to be protected.
What to do if you think your data privacy has been compromised
Contact your financial institution. The sooner your financial institution is aware of the situation, the more efficiently they can support you.
Take action. If the fraud event is in the digital space, consider using a reputable IT firm to assist in scanning your devices to ensure any malware is identified and promptly removed. It is also very important to reset all impacted credentials and passwords—for example, login passwords for online banking and email accounts.
Notify. Contact the two main credit reporting agencies (Equifax and TransUnion) and provide details on the incident. Ensure that a fraud alert is placed on your credit reports for any future applications made using your identity. This will prompt the creditor to contact you at a phone number provided by you before approving any additional lending or opening new accounts. You may consider placing a temporary security freeze on your credit report to stop any future activity from taking place.
Report. Consider reporting to your local law enforcement agency to provide any details you know of the incident. You may also consider reporting to the Canadian Anti-Fraud Centre (CAFC) which collects information about fraud incidents across Canada.
Protect yourself. Ensure you have enabled two-factor authentication, especially for banking services, and have a policy in place for proper password hygiene.
Educate. The best defense against a fraud incident is education—understanding what you are up against will allow you to consider what controls are best suited for you or your business.
For more information about protecting your business from fraud, the National Cybersecurity Alliance has advice on how to help employees be more privacy aware. You can also visit the Canadian Anti-Fraud Centre, or contact our Business Solutions support team at ATBBusiness@atb.com or 1-877-363-4855.