Best Practices For Protecting Customer Data



We live in a world of big data. Between website cookies and credit card information, customer information is gathered and shared in more ways than ever before. Customers know that their data is collected while they browse online, and some customers are aware of how much information they actually give away just through their basic internet history, but few customers realize how much of that information is stored and used. Customers are focused on the obvious problems, like social security numbers and credit card information.

Companies that want to maintain a positive reputation as they move into the next phase of data collection and usage need to have a solid plan for protecting the customer data they gather. They need to be clear about what they’re keeping, why they’re using it, and how it’s protected. When they can do that, customers are going to be much more willing to trust them with their data.

Here are some key best practices for protecting customer data.

Don’t Store What You Don’t Need

When everything seems potentially usable, it can be tempting for a company to keep all the data it can gather from a customer. The more data that is gathered, however, the more data needs to be protected. A company can also make itself a more attractive target if it’s storing a vast wealth of information, versus a small amount of data.

In 2018, Congress passed the Data Breach Prevention and Compensation Act, which is designed to hold companies accountable in the event of any future data breaches. So, when you’re considering customer data best practices, storing only what you know you need and will act on is a good step in the right direction.

Consider Outsourcing

For many small and medium-sized businesses, maintaining a full-time IT staff dedicated to data protection isn’t financially reasonable. For digital businesses, which often collect credit card information with every purchase, it can make sense to outsource payment processing. Using a third-party payment processor both tells customers that they are not giving their information to a new organization and relieves the business of the problem of storing customers’ payment information safely.

Unless a company can support a top-of-the-line data center that will withstand malicious attacks, both digital and brick-and-mortar businesses should consider off-site data storage. Cloud computing is often thought of as less secure than physical servers onsite, but with the rapidly evolving nature of technology and cyber-attacks, this is no longer true. Companies that are dedicated to safe data storage can more easily focus on maintaining the necessary protections.

Keep Technology Up To Date

One of the simplest ways to keep data safe onsite is to make sure that technology stays up to date. This doesn’t need to mean updated computers every other iteration. It does mean making sure that there is solid anti-virus software on all computers, and that employees are allowing virus updates to happen as they’re recommended by the OS. Alternatively, an IT manager can push out an anti-virus update to all computers at once.

Companies should also have protocols for removing old employee access accounts as soon as the person has left the company. Inactive accounts are an easy way for hackers to get inside the company’s computer system and wreak havoc.

Let Customers Know What You’re Keeping

Customers have a right to know which of their data you’re keeping. This is as simple as an “opt-in” button to maintain payment information for the next purchase, a notification about cookies, or a statement about what data the company collects, anonymous and otherwise, and how it’s used.

When companies are transparent about what’s happening, customers are more willing to let information be shared and feel less concern. It also makes it easier for customers to track any problems that might be arising. They can track usage more carefully on their online credit card, for example.

Make Everyone Responsible

One of the most important factors in making sure that data at your company stays safe is making sure that everyone feels responsible for this task. When everyone thinks that someone else will manage a particular task, it tends not to get done. When it is clear, however, that absolutely everyone in the company is responsible for data, two details can be enforced. First, everyone is responsible for all the data they touch; it should be safe when they go to use it, and it must be safe when they’re done.

Second, employees are responsible for watching for ways that data is not being kept safe. If data is left accessible for a long period of time, for example, they should make sure that management is aware.

Avoid Paper

With the number of different cloud computing, live editing, and digital sharing options available, there’s really no reason for paper printouts, especially ones that contain sensitive client data. By eliminating paper copies, there are fewer opportunities for data to be left out and available to those who should not be accessing it.

Companies have a responsibility to protect customer data at every turn. By monitoring what information they make available, keeping only what they need, and considering handing data storage over to those who have dedicated protection plans, companies make sure data is managed appropriately. They minimize their risks of a data breach, and if one does occur, they are more likely to know about it immediately. They can follow appropriate regulations about reporting and maintain their reputation with their customers.

After all, data breaches happen to many companies. Why a breach happened and how it is managed are what determine customer perception after the fact.

Margarita Hakobyan
CEO and founder of, an online marketplace of local moving companies and storage facilities. Businesswoman, wife and mother of two with a bachelor's degree from the University of Utah with a concentration in International Studies and a master's degree in International Business, also from the University of Utah.

