The growth of online businesses has skyrocketed and with good reason. The ease of selling products or services to virtually anyone around the world has created many successful businesses that might not have otherwise had much of a chance. Being an online business owner is exciting and profitable but it also comes with tremendous responsibility to customers.

For an online transaction to be completed, personal information must be obtained such as business name, address, ownership, credit card information, or other proprietary data. Unfortunately, just as the number of online businesses has grown, so has identity theft. Hackers and identity thieves have capitalized on the exchange of electronic information leaving you with an even greater responsibility to protect your customer’s information. Even if you have full intent to maintain personal information, with new technology and determination, identity thieves can get exactly what they want.

What is your legal and ethical responsibility of protecting your customers from identity theft? For example, should you keep credit card information on file and if so, who should have access to it? This article will address this issue and provide guidelines on your legal and ethical obligations to protect your customers.

 Of course, every business that accepts personal information from customers needs to adhere to relevant laws and regulations, as well as institutional policies. In complying with these laws and regulations, ethical responsibilities, are also satisfied You will want to ensure that your customer’s information is being used in an efficient and effective way while the privacy, security, confidentiality, and integrity of the customer is protected.

To accomplish this goal, you could create a special workforce, consisting of people you trust and who will act in the best interest of the customer. This group should understand their position of trust and accept full responsibility for the appropriate use and release of any data received. This special workforce should also establish degrees of data sensitivity, and accordingly how the information will be handled. For instance, you might consider setting up a structure to include:

Legal

• Confidential – Information would be protected by regulation, law, policy, and contract.
• Sensitive – Information would not be disclosed unless there was a reason associated with company risk and private nature

Ethical

• Private Information – Protected by company practice and procedures established around high ethical standards
• Public Information – This information would not be protected but made available to the public

Just as the varying degrees of protection would be established, it would also be essential to determine what information falls under each group. As an example, student records, identifiable financial data, and personal information such as social security number, credit card information, bank accounts, driver’s license numbers, health records, and some research data, would fall within the “Confidential” category, making this a legal responsibility.

Information that might be categorized as “Sensitive” would include employment records (including salary), gender, citizenship, special needs, and so on, as well as company accounting information and budgetary items. Information that may not be legally protected would include company directories, job descriptions and policies. However this information may still be considered proprietary to the company and as such not accessible to the public.

Every business, whether traditional or virtual has a tremendous responsibility to customers, and must take every precaution to protect them against the risk of identity theft. When customers trust you with their information they have an expectation that it will be safeguarded. In addition to the moral and ethical obligations, failure to protect your customer’s information could result in legal and financial consequences. If a customer’s information is stolen from your company, you may be faced with a lawsuit. Even if you had taken every precaution and were not found liable the time and expense of a legal battle could prove costly.

Ethically, the success and growth of your business depends largely on how well customers trust you. As you can imagine, if existing and potential customers have vital personal information stolen, not only have you lost that customer, but many others to follow.

You can take steps to ensure that your customers’ data and your company’s reputation are kept safe. Establish strict legal and ethical guidelines to ensure that personal information is protected and access is limited. Ensure that your IT department is well trained in identifying signs that are associated with identify theft and equipped to implement the most up to preventive measures. Once you earn the trust of a customer it is equally important to live up to that trust.

Related posts:

1. Copyrights, Trademarks, & Other Legal Mumbo Jumbo
2. Mastering the Art of Customer Service
3. Sole Proprietorships, LLCs & Corporations: A Guide To Legal Forms of Business
4. Measuring Customer Value: Insight that Drives Profit