It’s an aspect of running your own business that will never change and will always be important: privacy. The idea of privacy compliance, though, has evolved over the years, with it becoming more of an all-encompassing policy or program than simply posting a few regulations on a website or in the break room.
A recent article in Utah Business talks about privacy compliance in several ways. First being external compliance, or how you as an organization let the public know your privacy policy, followed by internal compliance, which is the training and information you give employees about those policies. Lastly the article speaks to how these two types of compliance may also be different from what your customers need to know.
Letting people know about your privacy policies
For the public, making privacy policies easy to find should be a high priority. The article, written by an expert in privacy law, suggests that the notices and policies should be linked on the homepage in some way.
“Typically, when visiting an organization’s website, customers are greeted with a popup explaining how the website uses cookie data,” writes article author Tsutomu Johnson of Parsons Behle and Latimer. “Organizations should add a sentence inviting users to visit the organization’s privacy policy, if they have privacy questions. That invitation gives every user an opportunity to learn about the organization’s privacy practices before the organization collects the user’s information.”
Among the details that should be included are the ways your company gathers personal info, such as through the website itself, from job ads or at trade shows. It should also include data categories, specifics gathered within those categories, any third party gathering info, details on if and how that data is sold to third parties and contact info via phone or email for concerns or questions.
What your employees should address about privacy
For employees and leaders, there’s a different process that’s crucial to both communicate the importance of company privacy and also make them feel that they have a stake in its compliance. This includes training employees about the policy, creating a process for risk management when it comes to privacy and establishing a protocol for incident response.
As part of this, specific employees should be given the task of collecting customer data and should be trained separately on the policy. “The training program should clearly explain key privacy terms, what qualifies as a data incident or a privacy request and how to report data incidents and privacy requests,” writes Johnson.
As for the incident response protocol, a wise investment is cyber insurance, which can help if a privacy concern arrises. Having a central incident response leader is also important to identify. This person will be the one who drafts up a flow chart that explains the chain of command in case of a privacy incident, either externally or internally.
There should also additional actions that go beyond consistent training. “Every employee should receive a copy of the incident response protocol,” Johnson suggests. “Organizations should also test the response process at least once a year so employees know how to respond when an incident occurs.”
It’s also essential to have a way to evaluate privacy risks, and this should happen every time a company makes a new purchase or starts a new process in regard to managing their privacy. “Ideally, the organization should conduct a privacy review early in the adoption lifecycle to identify risks early and develop strategies to mitigate those risks prior to implementation,” writes Johnson.
Even with its multiple steps and complexities, it’s important to always keep privacy policy as something that is adaptable to change, as new technology and concerns change the landscape on a regular basis. Having policies in place is the bedrock to meeting those concerns, with transparency on those policies making sure they are a true success.
How the right kind of lending can boost your Utah business
Security in general should be a concern for any business, and First Utah Bank can provide a variant on that with its different types of lending options.
It should be a top priority to maintain policies that will keep your company secure and prepared for a sudden emergency. First Utah Bank knows and understands how to provide funding solutions that also create security for a business that’s just starting to get off the ground.
We know about the needs of small businesses and can help with our series of term loans. They are a great way to have a specific amount of money available to your business as it grows and changes. This type of business lending gives Salt Lake City businesses the option to meet distinctive needs or purchase assets. Term loans follow a predetermined schedule based on monthly principal and interest payments. Loan rates are usually fixed but they can be variable depending on your business needs.
Among the uses for these types of loans are long-term working capital, investment in commercial real estate, commercial vehicle purchases or business debt consolidation, among other options.
Talk to your home state business loan officers to see how term loans might benefit your small business. Learn more at our website, or call First Utah Bank at 801-308-2265.