According to several news outlets, Facebook is planning to merge messaging in WhatsApp, Instagram, and Messenger some time in early 2020. With user information being shared across three platforms, data protection and security best practices are paramount. This merger is expected to help brands:
These apps will still appear as standalone platforms, but they’d be merged in the back-end so that it’s easier for brands to talk to customers wherever they spend time online.
But even with all of these benefits, there’s been pushback. With the amount of user data collected every day, end users are also concerned about how their data is being used. In fact, a recent report by the Travelers Consumer Risk Index found that “consumers are more concerned about the security of their private information and personal data than their physical well-being.”
With growing concern for how user data is used and stored, what are you doing to keep your data protection and security best practices in line with user expectations and industry standards? How do your best practices need to change? Facebook is an extreme example, but small and medium-sized businesses (SMBs) like yours need to take these precautions, too.
To help you figure out the answers to these questions, here’s what you need to know about managing your data protection and security best practices.
The Data Protection Act (DPA) of 1998 was established to help companies manage data and user privacy. But with the constant changes to technology and new types of data being collected, the DPA didn’t go far enough to protect user data or require brands to explain how that data was used.
The General Data Protection Regulation (GDPR), first introduced in 2016 and in effect since May 2018, gives users more power over how their data is used. Now when they visit EU-based websites, they’re greeted with a notice explaining that their information will be stored and used. One example is the news site Express:
Before accepting these terms, users have the option to see what types of data are collected:
If they agree with how their data will be used, in some cases, users can accept or reject access to their information:
Not all sites go into as much detail as Express does, but its approach clearly gives users the power to decide what they share with the site.
In order to adhere to GDPR guidelines, you have to understand how it impacts your data security best practices. Let’s say you own an e-commerce store and collect data like customer location and credit card information. According to the new rules of GDPR, here’s what your best practices have to include when users give you permission to collect information as they browse your website:
GDPR has been in effect for almost a year, and while the ICO might have been understanding when the regulation first rolled out, make sure your data security practices are up to date, so that you avoid complaints and fines, and that you’re prepared to handle user inquiries.
Estimates show that there’ll be approximately 53.96 million monthly active smartphone users by 2022. This growth is why more companies choose to send information and updates via mobile messages vs. relying heavily on outbound call campaigns and direct mail.
If you’re a company that uses a cloud-based platform to send bulk mobile messages, keep in mind that you’re sharing end-user data with that platform when you do.
For example, Capita, a business process management and outsourcing company, sends interactive voice messages (IVM) and rich media messages (RMM) with our platform to its clients as a way to improve customer satisfaction. To send messages about service outages and package delivery updates, Capita uses customer phone numbers and other basic information.
Michael Cheng, former Quality Insight & Strategy Manager at Capita, explains that, “Working with VoiceSage’s services enables us to help the client see what’s working for these deliveries and programmes, providing a useful feedback loop that gives them actionable insights.”
To avoid data security issues and secure user data, companies like Capita and others check that the platforms they use have a best-practice information security management system (ISMS) in place. Platforms with certification have gone through a rigorous review process, had an independent assessment of their data security best practices, and have shown that they meet international standards of risk management.
In 2018, we received our ISO/IEC 27001 certification. This has allowed us to give our users peace of mind because they know that we take data security as seriously as they do. There are three ISMS pillars that we adhere to:
Every aspect of our product is in line with ISO/IEC 27001 to deliver quality service and best-in-class data security.
To lower your risk of experiencing data security issues, only work with providers that have ISO/IEC 27001 certification or any other applicable certification. This way, all the work you do to secure and manage customer data also applies to the tools you use to deliver your products and services.
As with the breaches at Sony Pictures and Stratfor, a growing number of data breaches are the result of a lack of encryption, such as end-to-end encryption for texts and emails. This oversight makes it easier for bad actors who intercept data to access personal user information like financial information, medical records, and more.
A survey by the Ponemon Institute found that “85% of the companies said that they experienced loss of personal information.” Yet, “only 54% subsequently implemented encryption.” What we’re seeing here is that it’s inevitable that businesses, big or small, will at some point be under attack and risk experiencing a data breach. Only a very small number of businesses, 27%, haven’t experienced a data breach but do have encryption in place.
To make sure you’re not making encryption mistakes that will affect how you communicate with customers, ruin your reputation, or cost you millions in fines, use these data protection and security best practices to create process standards:
When it comes to encryption, it’s best to have it in place before there’s an issue—because chances are there will be one—instead of waiting until after there’s a breach when you have more to lose. In the case of Sony Pictures, they spent about $35 million to fix their IT system and suffered considerable embarrassment from the leaked emails.
You spend a lot of time making sure that the data protection and security best practices you have in place follow industry standards, and that the tools you use meet the same compliance standards customers expect from you. Make sure this hard work isn’t in vain by encrypting your data.
It seems data security is one of those things brands think about only after there’s an issue. Waiting until then to fix the problem isn’t just time-consuming, it’s costly.
By taking the time to understand how GDPR works and how it impacts your customers, how the tools you use comply with industry standards, and how you encrypt data, you’re in a much better position to foster great customer trust and practice transparency.
Giving your end-user customers peace of mind that their data is safe and secure goes a long way to establishing yourself as a brand people want to do business with.