There have been numerous measures taken in the last few years to increase privacy for consumers, and rightly so. People have a right to data privacy, and organizations should be held responsible when they do not uphold the security measures they should to protect their customers’ information.
That said, data privacy lawsuits are also on the rise. Even the most well-intentioned organizations might struggle to know exactly how to protect their customers from data compromise, and themselves from privacy lawsuits. Here is some more information about this issue, and some small business best practices to keep you out of trouble.
The Current Landscape
Data breaches have always been costly, but over the past three years they reached a new high, averaging $9.48 million per event in the U.S. Small businesses weren’t immune from this, seeing 13% higher breach costs during the last year than large corporations did.
When breaches happen, lawsuits often follow. Most claims are about the compromise of “personally identifiable information,” which includes details like names, addresses, Social Security numbers and more. For a company to be held liable in a breach, it must be shown that the company was aware of the risks and possible impact but was negligent in failing to take action.
Small Business Best Practices
How can you ensure you have your customers’ data under lock and key, and that you’re protecting your own company from lawsuits? First, remember that cybersecurity is not something that only other companies have to contend with; it impacts you, too. If it hasn’t yet, you’re lucky. But the major mistake that many leaders make is getting complacent about their security measures.
Second, take action. Start by checking out the FTC’s guide to preventing a data breach, Protecting Personal Information: A Guide for Business. Then, recognize that people (e.g. your team members and yourself) are often the biggest risk to cybersecurity. In fact, of the businesses worldwide that reported being attacked by viruses and malware, 53% consider careless/uninformed employees to be a top contributing factor and 36% say that phishing/social engineering contributed to the threat.
Because of this, every organization would benefit from undergoing security awareness training (which can teach team members about phishing and about ways to improve your organization’s security posture). There are many training options out there, so find one that is comprehensive and works for your business on your schedule.
Finally, what type of software do you have in place to protect your data? We use OneTrust, and recommend it to our clients. It’s comprehensive enterprise privacy management software that can help your organization operationalize compliance and privacy by design.
Data privacy is incredibly important, and so is protecting your business from privacy lawsuits. Follow the guidance outlined here, and you’ll be well on your way to preventing data breaches and unnecessary legal action.
Want to work with a marketing agency that prioritizes the safety of customer data? Give us a call!