Data Protection Seen as Critical for Small Businesses, Too
Guarding the data security and privacy of consumers is just as important for small businesses as it is for large corporations with massive troves of data, said privacy experts and small business owners Monday during a panel hosted by Small Business Privacy.
Sign up for a free preview to unlock the rest of this article
Many small businesses think “the data [they] have is not nearly as valuable or important as the data that is collected and stored by a much larger, larger, wealthier company,” said Melanie Ensign, founder and CEO of Discernible. “But it's actually the opposite ... because hackers are relying on the fact that [small business'] infrastructure and ... security is less sophisticated and weaker than the security of these larger companies."
In addition, hackers can exploit small businesses "to get a foot in the door" so they can access larger companies' systems and data, she said.
Theodora Skeadas, executive director of the nonprofit Cambridge Local First, said trust is also a big part of the relationship with small businesses. “A lot of small businesses spend a significant amount of time building one-on-one relationships with their customers,” said Skeadas: As a result, “trust is a really important differentiator for small businesses,” and “sharing data is a really important indicator of trust.”
“If that data gets abused, misused, sold, and if it's sensitive data, especially, that can undermine trust,” she added.
But this close relationship is valuable when considering data protection policies at a small business, said Arielle Garcia, chief operating officer at Check My Ads Institute. “What it looks like is going to depend on what business you're in,” she said. "You know your customers and their expectations and the value that they derive from your business the best. And the reality is, this is an extension of that management of that consumer relationship.”
Ensign agreed. “You don't have to become a privacy zealot to do this well and to meet your legal obligations,” she said.
Kimberly Lancaster, owner of Avalon Privacy & Compliance, said “it's really simple” to start thinking about how a business uses data in its daily operations. “Take 30 minutes, sit down and think about how you have an intake of data.” She also said talking to employees about their interactions with data is crucial to fully understand how data is handled within a small business.
Once a business owner knows what data is collected regularly and where it's stored, the next steps involve volume. “It's possible to just limit [data collection] ... to exactly the information that is needed, and nothing” more, Skeadas said. In addition, avoid collecting information that is too sensitive, she said. Proper security is key, such as “making sure that your business is using strong password protection technologies."
Skeadas said awareness of third-party tools and tracking are also important. If you have a presence within a larger company, like on social media platforms X, Facebook or TikTok, “these bigger companies are collecting that data” and “have access to information on their platforms.” This means “being mindful about what information is shared and across what platforms.”
Garcia agreed. “If there's one thing you can do today, it's to take inventory of what tactics you're using, like for your advertising and web analytics, and go check those accounts,” she said. “Is it necessary for you? Are you actually seeing [return of investment] from that, or is it just kind of allowing big players to get data about your customers and not really giving you the payoff that you'd expect?”