Credit card details and financial data are closely guarded by most businesses, but one lawyer says SMEs are often overlooking the security of other sensitive information they hold.
“Most companies seem to have good security and processes around credit card information and how that’s stored and dealt with. But it’s that vast bulk of personal information that people hold,” explains lawyer Mark Gardiner of Teddington Legal in an appearance on the My Business Podcast.
“Name, date of birth, physical address, possibly occupation. And then [things] like shopping histories. There [are] things like preferences, website databases, search, all those kinds of things.”
According to Mark, smaller businesses often don’t understand the amount of data they hold about their customers and stakeholders, and hence their obligations under privacy laws are poorly understood.
“Most of us, I think, are oblivious to how little privacy we have. Tracking cookies pop up all the time. Organisations can track where you go after you’ve been on their website. They can pop up and give you tailored advertisements. And there [are] databases that are maintained around that. So privacy is very broad,” he says.
“Everyone’s aware of privacy and the obligations but the detail is sometimes where they need guidance, where they’re not really sure what they should be doing. They key is then where do they go for that advice.”
Mark says that a specialist lawyer can help businesses understand their obligations, and establish appropriate processes and procedures to maintain legal compliance as well as security around information they hold.
“Often a system audit is necessary, just to understand what they’re doing and how they’re doing it,” he says.
“You don’t really want to use the law firm because you have a problem; you want to use a law firm to help you not have a problem.”
Hear more insights on privacy and other legal challenges facing business owners on the My Business Podcast below: