Privacy Awareness Week 2018: Why privacy is good for business
This year, as the Asia Pacific Privacy Authorities (APPA) mark Privacy Awareness Week, there couldn’t be a more important time to talk about the need to protect personal information. I spoke about this very topic last week to a gathering of small business owners, communications professionals, and government employees.
There are many tools for organizations, businesses, and public bodies to connect with citizens, potential customers, members, or users of your systems or products. But how you use these powerful social media tools is incredibly important because you will almost always be collecting people’s personal information. More often than not, that information can be very sensitive.
Trust is at the heart of the transaction between users and social media platforms… trust that the personal information gathered about users is used properly and in accordance with privacy laws. Recent news about the global Facebook breach has raised public awareness about privacy along with mistrust in how companies use data – or sometimes, how they misuse data.
BC’s Personal Information Protection Act (PIPA) recognizes the need for businesses to collect and use people’s information within reasonable boundaries, but that information needs to be properly used and protected. Under PIPA, you need to tell people why you want to collect their personal information and you almost always need their consent to do so.
So, how do you get consent? Preferably, it should be in writing, and it should state what a person is consenting to. It should also be clear, specific, and unambiguous. In other words, it should explain exactly how someone’s information is going to be used. You also need to explain how someone can withdraw their consent.
Sometimes consent can be implied. For example, if I give my hard drive to your computer repair business along with my phone number it would be reasonable for me to expect you would use the number to call me and let me know when the repair is done. But if you wanted to use that number to text me your latest iMac promotion that would not be reasonably implied, unless you’d asked me directly.
When you ask your customers or clients for their personal information, you are essentially asking them for their trust. And trust is a currency that is very hard to get back once you lose it. Privacy, simply stated, is good business.
How do you privacy proof your business?
First, I recommend that you create a simple privacy management plan. It doesn’t have to be complicated. Begin with the following steps:
- Take an inventory of the personal information you hold.
- Ask yourself; is it necessary to collect and use this information in the first place. If not, don’t expose yourself to unnecessary risk and safely dispose of it.
- If you need to keep the information, ask yourself if you are properly securing it?
Once you have a plan, you will want summarize it into a short and readable policy that you can share with people who visit your website. Don’t be shy in telling your customers about it: In doing so, you are telling them that you are committed to protecting their personal information.
A good social media privacy policy should include what information you collect and use, such as customer comments, likes, content, and browser histories.
You should also include contact information for the person in your business who is responsible for privacy. Your customers may want to request a copy of their own personal information, which they are entitled to do under PIPA.
During Privacy Awareness Week, stay steps to build privacy protection into your business. The law requires it, but more than that, it’s good business, because it builds trust with customers, clients, and the public.
About the Asia Pacific Privacy Authorities (APPA)
Formed in 1992, APPA is a forum for privacy, security and data protection regulators to collaborate and exchange ideas. Current members are: Australia (National, Victoria, New South Wales, Queensland, Northern Territory), Canada (National, British Columbia), Columbia, Hong Kong, Japan, Korea, Macao, Mexico, New Zealand, Peru, Singapore, and the United States.
To mark Privacy Awareness Week, the OIPC will be tweeting privacy tips and posters. Follow us @BCInfoPrivacy #PrincipletoPractice and #2018PAW on Twitter or visit our website oipc.bc.ca.
