Ask These Five Questions to Protect Your Data


Rebecca Harpster
Golden Gate Better Business Bureau

Sometimes it feels like every time you turn on the news, you hear about a new data breach. Consumers are concerned about their privacy and the threat of identity theft, but are often confused about how to protect themselves – especially when businesses collect their personal data on a daily basis. Data Privacy Day, celebrated on Jan. 28, is an international effort “to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.” 

BBB Accredited Businesses are committed to BBB’s Standards for Trust, which include “Build Trust”, “Safeguard Privacy”, “Be Transparent”, and more. However, not all businesses are. That’s why it’s important for you to take the protection of your privacy into your own hands, and make sure that you can trust businesses that receive your data.

Protecting your data is key to identity theft prevention. The Federal Trade Commission (FTC) received around 400,000 complaints about identity theft in 2016 – it was the third most common complaint.

BBB encourages consumers to find out the answer to the following questions before dealing with a business, or entering information on a website:

  1. Does the website have a privacy policy? The California Online Privacy Protection Act (CalOPPA) requires any commercial website or online service that “collects personally identifiable information through the Internet about individual consumers residing in California” to “conspicuously post its privacy policy on its website”. The policy must include what information is being collected and who it is shared with, along with other disclosures. Make sure any website that may be collecting your information has a privacy policy – and read it! Consider it a major red flag if there’s not a posted privacy policy.
  2. How is your data being protected? Every business should have a data protection plan, and be open and transparent about it to their customers. A data protection strategy should detail: how data is stored; the security of the storage system; and how data is backed up, recovered and moved. If you aren’t convinced by a business’ data protection or they aren’t transparent about it, don’t feel pressured to continue with the interaction. BBB has resources to help businesses protect customer data – check out the 5 Steps to Better Business Cybersecurity at
  3. What is being collected and shared? A website’s privacy policy should be clear about what data is being collected and shared. If you are dealing with a company offline, you’ll know what data you’re supplying them with. However, it’s important to know if your data is being shared with vendors or partners, or if it’s being sold. Even if the original business is committed to protecting your privacy, their vendors may not be. After figuring out which entities your data is shared with, determine the security practices of those businesses as well.
  4. Is the business PCI compliant? The PCI Security Standards aim to protect financial information and cardholder data. The Standards maintain that “payment security is required for all entities that store, process or transmit cardholder data”. Make sure that any business you supply financial information to is PCI compliant. If you’re a business that would like to become compliant, BBB has resources that can help you do so.
  5. What will be done if your data is stolen? As of Dec 27, 2017, the Identity Theft Resource Center (ITRC), a BBB Accredited Charity, identified more than 1,300 breaches that exposed over 174 million records. The number of records exposed increased by around 380% from 2016: ITRC’s 2016 Data Breach Report included more than 1,000 breaches that exposed more than 36 million records. Every business should have a plan to prevent data breaches. Additionally, the business should have a plan detailing what they will do if a data breach does occur. What measures do they have in place to detect a breach? If a breach is detected, what’s their communication plan for notifying customers? Will they attempt to investigate the breach and mitigate the damage? If you’re concerned that your personal information has been compromised by a data breach, you can find tips and suggestions at

You can reach your BBB at or (510) 844-2000, or by visiting