How to protect your customers’ data as a small business 🔐

Photo by Dan Nelson on Unsplash

A few days ago I ordered something from a small business on Twitter. After confirming my payment, the owner asked, “What’s your preferred delivery address and phone number”, and for some reason, I froze. I really didn’t want to share my house address or phone number with a stranger.

This made me think about all the times I had casually shared my details with vendors. It made me realise how much of my data was stored all around the place by small businesses, and the idea of random people knowing the exact details of where I live just because I wanted small chops started to really bother me.

While larger e-commerce companies request and have access to this data, they tend to have a structure around data protection and compliance. From my basic research, a lot of small business owners use their personal devices for business and don’t really consider the implications of having customer data lying around.

So, I decided to share this list of things you can do to be more responsible with your customer’s data as an online vendor:

1. Limit the points of data collection & gathering: If you have several channels (Whatsapp, Instagram, Twitter etc.) where you interface with your customers, set up a single point of data collection for users. This could be through a simple Google or Airtable form or through Paystack or Flutterwave’s social commerce platforms. This way, customer information isn’t littered across different devices and platforms.
2. If customers have to send personal information via chat for some reason, transfer that information to your secure data store and delete the chats containing personal information.
3. Limit access to customer data: Once you have established a single point of customer data storage, limit access to it to one or two trusted people. This should be just the business owner and anybody who absolutely needs to interface with customer data in order to do their job e.g Customer Support.
4. If multiple people will have access to your transaction database for any reason, generate unique customer IDs or aliases for your customers and attach their details to this ID rather than their names. This pseudonymity helps to protect their identity to a degree.
5. Hire a logistics company that you can trust with your customer data: Before choosing a logistics partner, ask them specific questions about how they handle your customers’ data. Ask them if they store customers’ data, how they store the data and who has access to customer information. If it is not clear to you that your customers’ data is safe, find a different service. If possible, stick to just using one or two logistics services at a time — this way, you can control who exactly you share data with.
6. If you can, avoid sharing specific addresses with the logistics company: You can instead label the package clearly with the address and provide the delivery company with the general location and the customer alias (see point 4). While the dispatch rider can see the address attached, it becomes much more difficult to gather and share customer data in bulk unlike if the information was shared online.
7. Passwords: This is your wake up call to change your password from “BusinessName123”. Human beings are generally bad at creating secure passwords so don’t create or manage your passwords yourself. Stop sharing the passwords to your business accounts (or any account for that matter) over Whatsapp. There are a lot of tools including Apple and Google’s password managers that you can use for your password management.
8. Set up 2FA authentication using SMS or Google Authenticator on all devices and accounts that contain customer data. Most social media platforms allow you to do this. Here’s how to do this for Instagram and Twitter.
9. Where possible, use a separate device for your business and ensure that only the people who need access to it have it.
10. I shouldn’t have to say this, but never ever share your customers’ information with anybody. Not to your friend who needs their email address in order to pitch them the business idea of a lifetime or to someone who ordered them food anonymously. Don’t breach your customers’ trust by selling their data. When it comes to their data, your allegiance should be to your customer.

Asides the obvious benefits of doing this, having customers trust you is good for your business. Sharing some of the precautions you take can be a good selling point to attract a broader range of customers who either already care about data privacy or care because they now know you do it.

It’s much easier to do this when you only have a handful of customers — so set up the practice now and ensure compliance even as your customer base grows.

Thanks to Aleph & Sunkanmi Aladenaye