How To Protect Your Customers’ Information

May 19, 2008 by Michelle Waters

One of the “experts” at PC Magazine sure stirred up a mess last week by essentially accusing small business owners of selling their customers’ information.

As you know, this is ludicrous. We work hard to protect our customers’ information, information that we have worked even harder to acquire.

While I was thinking about this situation though, I realized that there are new product sellers who really don’t understand everything they must do to protect their customers’ information. In most cases, they must rely on their web hosts, web designers or shopping cart software developers to provide the necessary information.

Protecting information that you collect as a small business is critical for two reasons:

1. Legal ramifications. If your lax security allows someone’s credit card number to be stolen, you will be held liable. The legal fees alone will kill your business.

2. Reputation ramifications. While as a small business, you want media attention, this is NOT the kind you want. Getting a reputation for mishandling customer data will hurt. And you don’t have the PR professional available to spin your story like a large corporation does.

So I thought I’d put together a small list of things you need to make sure you have to protect your customer data.

1. Encrypt stored data. If you’re going to store customers’ data on your server, you must do so in an encrypted database. This is especially true if you store credit card information. Check with your shopping cart provider to ensure that they are encrypting the database. (Chances are, if you have to enter a special password to retrieve customer data, then it is encrypted.) For the record, Mals Ecommerce, the cart that ties in with the Shop Kit Plus, encrypts sensitive customer data. The SKP does not store customer data, such as credit card numbers.

2. Secure your connection with SSL. Any time a customer is asked to submit sensitive information, the connection should be secured with an SSL Certificate. You will know your cart does this if you see https:// before the link in the address bar on the pages where information is submitted. For the record, Mals features SSL secured pages.

3. Limit access. If you’re a sole proprietor, chances are you’ve never thought about who has access to your customers’ private data. I recommend you start thinking about it now. If someone spends the night at your house, can they log in to your computer and, using your stored passwords, download a few credit card numbers? My system is set up so that I have to know at least two passwords just to get anywhere near sensitive customer data. And that’s only after getting logged into my computer and finding the right place to go. Also, if you bring in an employee or sub-contractor to work on your accounts, make sure she does not have access to sensitive customer data.

4. Protect your systems. Make sure your computer’s wireless connection is password protected. Make sure you routinely scan your office and laptop computers for viruses. Check with your host and ensure that you are on a hacker-safe, PCI compliant server. Also, make sure any applications that you are running on your hosting account are secure. You can check with your vendors to ensure this is the case. Also, do a Google search for reviews of your cart and host, to find out if there have been any security issues. If there have, make sure those issues have been repaired.

These are four basic steps you can take to make sure you are protecting your customer data. If you have any questions, please let me know.

Did You Know That You Were Selling People’s Information?

May 16, 2008 by Michelle Waters

I sure didn’t! I bet you didn’t either!

But apparently, we’ve been pegged by PC Magazine as a bunch of unscrupulous small business owners. Instead of spending our days creating the products we love, changing diapers, teaching our preschoolers how to read and answering boatloads of customer service emails, we’re actually sitting back waiting for someone to enter their email address so we can sell it.

Now, I don’t know about you, but I have no idea who would want to buy my clients’ email addresses. I don’t even want to know who would want to do that.

I have also taken the necessary precautions to protect my clients’ data — and my clients’ customers’ private data, including using PCI compliant servers and scripts, encrypting my client database, using strong passwords and an SSL connection.

My friend Lynette from Tech Based Marketing quotes PC Magazine software expert Neil J. Rubenking:

When you buy something at a small, lesser-known online store, there’s a decent chance they will sell your address to spammers … Sign up for a newsletter? Your address could certainly get sold.

What?! As I pointed out before — how many of us even know how to sell an address? Most of us are just trying to figure out how to set up our store, run our business, sell our products and make however much money we need to cover costs and make a small profit. We’re more concerned with providing our customers with customer service and a product that they will love, than with figuring out how to sell a few hundred email addresses.

Talk about lumping a bunch of honest small business owners in with a bunch of unscrupulous scammers who really have no interest in running a legitimate business.

Another friend, Alice Seba, remarks in the comments area of Lynette’s site:

Morals and ethics aside, I don’t think most smaller online retailers are aware of or would know how to get into the lucrative opportunity of selling personal information. It’s the big companies that know and do this, unless they explicitly state they don’t.

For the record Lynette, I don’t think it’s illegal to do so. I think it becomes illegal if you state you don’t, but do anyway.

Interesting point, huh?

I take great care with my clients’ information, because I am one of them. I am a WAHM, too. I know what it means to have your information leaked. I would not do this.

It’s the big companies, as Alice says, with their inch-thick terms of use that collect millions of names — and then suddenly you start receiving all kinds of junk.

That’s my opinion. And I see it’s shared by Lynette and Alice.

What do you think? What has your experience been?

Have you had a small product-selling business sell your information? Have you had a large business do this? Would love to hear your stories.