Is your business asking for too much personal information online?
If your business is collecting or using personal information, you should be thinking about your data collection and storage procedures. Here are some questions you can ask yourself to improve your processes and help protect your users’ data and privacy.
A generic online form (e.g. an online booking system or contact form) may be an easy and efficient way to collect personal information from people, but it may also lead to your business collecting and storing information that you don’t require.
How do you know if you’re asking for too much personal information?
Start by asking yourself: What is the purpose of collecting personal information? For example, are you asking for information to be able to respond to a customer about a quote request? If so, the personal information you ask for should be related to this purpose, so you may not need a home address. Instead, a phone number or email address would do for now.
Business practice may mean getting all the information from the get-go, even from someone making a mere inquiry before they commit as a customer, but do you really need to know (and store) the personal information of someone who may not end up purchasing goods or using your services? In most cases, the answer is 'no,' and limiting the amount of information you collect is better for you and your customers.
What are the potential costs to your business?
Costs associated with hacking or a cyber data breach
The Latitude Financial breach resulted in the theft of customers' personal information, and those responsible demanded a ransom for the stolen data. The Privacy Commissioner recently published an article arguing that “data retention is emerging as a key issue in several recent domestic and global cyber-attacks including the Latitude Financial breach.”
If you are storing the personal information you are collecting, you are at greater risk of being targeted by hackers, and the consequences can be severe (including financial and reputational damage to your business).
Turning potential customers away
People are continuing to learn more about, and show concern for, security or privacy issues related to providing data online.
Research shows that half of New Zealanders who use their personal details on the Internet are extremely or very concerned about the security of their data, and almost two-thirds of New Zealanders have chosen not to use at least one online service because of security or privacy concerns.
By asking for too much information, you may have people questioning why, and this concern could deter them from reaching out or interacting with your business.
How can you minimise the risk?
To minimise the risks above:
- Ask why you are collecting information and only collect the information you need for the relevant purpose.
- Let customers know you care about their security and privacy and let them know why you need the requested information.
- Minimise the information you collect initially through online contact forms.
- Provide a variety of online forms to collect specific/relevant information for different purposes.
- Create a personal information retention schedule (a policy/document defining how long certain data must be kept and how the data must be disposed of) and review it on a regular basis to ensure you get rid of information you no longer need.