The potential profits to be made from data-driven commerce has increased the collection of customers’ personal information, so it’s no surprise that law makers are responding with regulation.
There are now numerous ways of gathering and understanding data in customer demand and production costs that are essentials to any business.
And, from February next year, mandatory data breach notifications will operate for all Australian companies with more than $3 million in annual revenue, many of which already have a raft of privacy laws to deal with.
Australian businesses that have customers in the European Union will also need to adjust to data regulations expected to apply in that part of the world from May.
So what data traps should you look out for if you’re buying into a business in the coming year?
Check you are getting valuable historical operational data
It is easy to be overwhelmed by the data available. A good tip is to filter out information that is just interesting and focus on metrics that help your business grow.
In hospitality, detailed analysis of perishable items is critical, as are historical seasonal variations in customer demand and production costs, particularly as they relate to orders, staff and products.
In any purchase, if you are paying for goodwill associated with an existing business, it is important to lock down important historical data that will be included in the sale.
It is worth checking that no one else has made a recent copy of the customer database or CRM (customer relationship management) system that you are buying. An audit trail of the software can show whether the entire database has been copied.
Most software allows administrative access to be locked down to one or two trusted users — it is much easier to lock down access to valuable data than to recover it if a disgruntled employee tries to help themselves.
Check the business is compliant in handling its customers’ personal information
It is common for businesses to collect, store and analyse customer information gathered by loyalty programs, email lists, social media campaigns and online forms. Retail stores can use Wi-Fi networks to track MAC addresses (an address that’s unique to a phone) to log customer movements in the store.
Data collected from users of free Wi-Fi can include apps used, websites visited; social media posts and cookies that track demographic, age and gender details.
It is not a breach of privacy law for personal information to be included in the sale of the business, but you should carefully examine what is there.
The information must have been collected and been used in a way that complies with the privacy laws. The seller must demonstrate compliance with privacy principles and obligations.
And surveys tell us that customers have different tolerance levels for businesses using their personal information.
A KPMG survey found 82% of customers were not comfortable with the sale of their data to third parties.
This figure varies with the age of the customers involved — millennials are more trusting — but people, generally, trust organisations that promote themselves as strong on cyber security.
Buying a business requires safeguards to protect your customer’s personal information. It’s not enough to maintain a system you receive through a business purchase.
Be familiar with privacy obligations that apply to your business and prepare for the future
The size and sensitivity of data breaches is increasing yearly across all industries and organisations, and these are driving the changes to the law that will come into play in Australian and the European Union next year.
If you’re buying a business, or preparing one for sale, it is critical to stay on top of cyber security and privacy obligations to maintain a trusting relationship with your customers.