Have Your Privacy Policies Kept Up with Your Digital Transformation?
COVID-19 has become a turning point for many businesses all over the world. Companies implemented practices such as contactless payments, improved customer relationship management systems, and click-and-collect applications. Although these transformations have had a positive effect on businesses, some risks have arisen. Every company that shifts its operations online faces privacy challenges. For this reason, the United States introduced new regulations to address privacy pitfalls.
For many industries, users' data privacy is a very topical issue. Businesses in the restaurant industry are striving to build the infrastructure to take orders and make deliveries, or are collaborating with companies that offer these services. Higher education institutions have experienced the problem of missing tuition fees over the past year. Schools and universities are now digitizing teaching. Live event spaces are migrating their online processes to cloud technologies. All these cases show that vast amounts of information are vulnerable to exposure.
Digital transformation causes two problems at the same time. The first problem is connected with the following issues:
- the need to build online storefronts;
- the demand to implement communications platforms to process the data provided by customers.
The second problem is related to the following:
- lack of experience with the infrastructure that processes data;
- the absence of knowledge about digital technologies in general.
In addition, teams are adapting to new conditions, so they often have to make decisions about technologies they are not even familiar with. Business owners and specialists involved in solving these issues are tempted to push privacy concerns into the background. However, such a strategy may lead to financial losses, lawsuits, and reputational problems.
The regulatory pressure on businesses over privacy is growing all over the world. In 2018, the General Data Protection Regulation (GDPR) was implemented in Europe. The United States introduced the California Consumer Privacy Act (CCPA), which entered into force on the 1st of July. CCPA impacts any business in California that has a revenue of over $25 million per year. The Privacy Act affects the management of user data and imposes steep fines on companies that mishandle personal data. It may seem that the pandemic would relax the standards; however, in the case of the United States, this is not particularly true.
The good news for business owners who want to fix their privacy issues is that there are simple steps that minimize the possible risks. Below, we list privacy-focused measures that make digital transformation safer. Each measure can be taken independently; however, the more steps you manage to implement, the better your chances of avoiding privacy troubles.
Check on how your vendors and partners use customer data
The challenges of digital transformation push businesses to enter into contracts with third-party vendors. Companies are tempted to agree to "plug-and-play" solutions, seeking an easy way to move the business online.
Although companies are aware that they need to check the Data Processing Agreements during procurement, the overall tendency is to ignore this important procedure. A business risks failure when it entrusts its customers' data to third parties. What happened to Marriott Hotel Group in 2019 is illustrative: the company was fined $123 million by the ICO for not performing due diligence concerning privacy issues.
The incident with Marriott
Last year the hotel giant Marriott announced that Starwood, which the company had acquired, had had its central database hacked. The data of 383 million guests, which included eight million credit card records and five million unencrypted passport numbers, became public. The breach had existed since 2014 but was discovered only in November 2018. Marriott later stopped using the hacked database in its operations.
The breach affected more than 30 million residents of the US. According to the new General Data Protection Regulation restrictions, the company had to pay a fine of up to 3% of its annual turnover.
To monitor risk, perform risk assessments
GDPR and CCPA treat risk assessments differently. While the General Data Protection Regulation obliges companies to perform impact assessments when processing data, CCPA does not require this procedure.
In times of rapid digital transformation, risk assessments force companies to make more informed decisions about data storage, dealing with subcontractors, and more. Moreover, the possibility of being charged in case of a privacy violation works in favor of businesses.