Privacy Resources for Businesses

Protecting Privacy is Competitive Advantage

Protecting your customers’ privacy is a competitive advantage. Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth. Below are some tips to instill transparency and trust:

If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from unauthorized access and use.
Transparency builds trust. Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer might expect their data to be used and design settings to protect their information by default.
Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization. Document and share the steps your organization takes to protect data and maintain privacy.
Assess your data collection practices. Whether you operate locally, nationally or globally, understand and comply with the privacy laws, regulations and requirements that apply to your organization’s collection and use of personal information.
Prioritize third-party cybersecurity and data protection practices. Organizations are responsible for how the third parties that they share data with handle and protect that data. Standards for the collection, use, maintenance and destruction of personal information must be upheld to the same level when this information is in the hands of third parties. Have a rigorous checklist in place to ensure your partners are taking data privacy and protection as seriously as your organization does.
Adopt a privacy framework. Knowing how personal information is being used and protected within your organization helps to assess the risks and determine what steps are necessary to mature data protection. Researching and adopting a privacy framework can help you manage risk and create a culture of privacy in your organization by building privacy into your business practices. Embedding privacy at the start and throughout the data life cycle helps ensure that privacy practices are proactive rather than reactive.
Educate employees. Ongoing training and awareness campaigns for employees are a must for organizations today, especially as the digital world becomes more and more driven by remote work.

Additional Resources

FTC Guidance on Cybersecurity for Small Businesses: Learn the basics for protecting your business from cyberattacks. The business cybersecurity resources in this section were developed in partnership with the National Institute of Standards and Technology, the U.S. Small Business Administration and the U.S. Department of Homeland Security.
Guidance for Complying with the Health Insurance Portability and Accountability Act: The Centers for Medicare & Medicaid Services created "HIPAA Basics for Providers: Privacy, Security, & Breach Notification Rule," May 2021, to provide guidance on compliance and to address updates.
Protecting Personal Information: A Guide for Business: Advice from the Federal Trade Commission for businesses on protecting customers' personal information.