Online Privacy Your Customers Should Reasonably Expect from You in 2017

| January 12, 2017 | Regulations & Security

Looking back, 2016 was probably the worst year ever in online privacy. Major security breaches, such as Yahoo, affected more than one billion accounts, leaving users worrying about their personal information. Horror stories around how the lack of privacy has led to murder, identity theft, and more have definitively planted the seeds of privacy panic.

And so today more than ever, as a business owner, you must treat your customers’ confidential information with the respect it deserves. With users and lawmakers becoming increasingly aware of, and concerned about privacy issues, businesses that do not follow best practices will suffer significant consequences. Here’s how you can demonstrate to your customers that you are committing to protecting their privacy:

Seek Explicit Permission about Exactly What Data You Intend to Collect

The first step towards developing trust with your customers is full disclosure. Your customers must know what data you will collect, how much of it you will store, how will it be secured, and who will have access to it. Also, customers should feel that they are in control of this data collection, and should specifically agree to your data collection policy.

Collect Only What Is Required

Disclosure is not enough. When disaster strikes, you will find it difficult to hide behind the thin veil of, “but we outlined it in our Privacy Policy.” Make sure you carefully consider what information is the most relevant, and collect only that.

Be Careful with Logged Data

Even if you do not specifically set out to collect customer data, your technology will log a lot of personal information. Your web servers will store customers’ IP addresses, device information, locations, browsers, and more. In addition, you might be able to see the web page they were on before they visited you, or the search query they used to reach you. Regularly purging all such data is the best approach. But if this information is stored perpetually, or even for prolonged periods, you must make full disclosure to customers, and tell them why you feel the need to maintain this information.

Be Extra Careful if You Are Sharing Customer Information with Third Parties

Customers who explicitly share their information with you expect you to use it in some way. But this doesn’t include sharing it with third parties. This is the part that makes customers the most insecure, as now there are at least two businesses that have their information. Limit your data sharing with others as much as possible. Make sure that your customers know that you are sharing their data and give them the option to deny you the right to share their information with third parties.

Keep Anonymous Social Interaction Anonymous

Sometimes customers engage with your website and assume that their interaction is anonymous. This could be in the form of providing a star rating to listed products. It would be unfair to have this seemingly anonymous data attributed to them at any point.

Allow Users to Delete Their Accounts and Data

With ever-evolving customer preferences and expectations it is important that you allow customers to change their mind. It is not a good idea to throw the rulebook at them when they contact you with privacy concerns. If customers want to delete their accounts and all associated information, let them do so. Customers will feel secure and empowered that they are making their own decisions about their personal information.

As a business owner you are responsible for your customer’s privacy. You cannot hide behind an all-encompassing Privacy Policy. It is best to proactively acknowledge your responsibility, take the steps I have outlined, and work to instill confidence in your customers. With a spike in privacy concerns in 2016, I expect a huge customer backlash in 2017, directed towards callous business owners.


Ajeet Khurana
Ajeet Khurana
Ajeet Khurana wears many hats: author, angel investor, mentor, TEDx speaker, steering committee of the NASSCOM Start-Up Warehouse, Director of Founder Institute, Venture Partner with the seed initiative of a top Venture Capital firm, and former CEO of IIT Bombay’s business incubator, among others. Before all this, he was entrepreneurial twice in the field of education and web publishing. As a lecturer at the University of Texas at Austin, he taught e-commerce back in 1993, when the term "e-commerce" had not yet been coined. An undergrad in computer engineering from the University of Mumbai, and an MBA from the University of Texas, Ajeet is presently an active name in the startup ecosystem. From starting two ventures as a solopreneur, to helping a large number of startups with their go-to-market, he has never shied from getting his hands dirty. At the same time he has helped dozens of startups raise investment. He truly believes that small business owners are driving change in the world, and need to be facilitated as much as possible. Innumerable small businesses have gained from his attitude, vast professional networks, financial acumen and digital mindset.

See all posts by Ajeet Khurana
  • All views expressed on the published articles at are those of each of the authors, and do not in any way represent the opinions of Mastercard International Incorporated or any of its affiliates (“Mastercard”). Mastercard is not responsible of the information contained in these articles.