Privacy and the solopreneur: Best practices
Last week I gave you an overview of privacy laws in Canada. I talked about:
What privacy laws are
Who they apply to
What they say
What is considered personal information
How breaches occur
This week I’m following that up with tips and strategies that you can use to help ensure you stay on the right side of privacy laws.
The laws
Learn which privacy laws apply to your business.
Take a course in how those laws pertain to your business (including self-employment).
Keep abreast of changes to privacy law requirements.
Daily practices
Don’t store credit card data. It should be used for the transaction for which it was needed, then destroyed.
Don’t ask for, or mention, private information out loud. Even simple questions such as “Do you still live at 123 Main Street?” is a violation of privacy if there is another customer in the store to hear you say it.
If you must talk to a customer about any of their private information, make sure you have a private area in which to have that conversation.
If you have staff, train them on their obligations when it comes to privacy.
Treat all information of any kind that you have or know about a client as private. That way you don’t have to worry about what is or is not covered by privacy laws.
Be careful when using past projects as examples to sell yourself to new clients. Do not reveal any personal information in your advertising, testimonials, or future negotiations with other clients. It may be tempting to say “This is the work I did for Mike Smith…….” and then go on to outline to project. But in so doing, you may very well be violating privacy laws. Always get clear written permission from clients before you use any information about work you did for them to market your services to others.
Don’t have your office computer screen located in a position where anyone else can see it.
When having phone conversations, make sure that you don’t discuss information if anyone is around to potentially hear you. The same goes for online meetings.
Websites
Only collect data you truly need. For example, some website sign-up forms now only ask for an email address, and not a name. They technically don’t need the name just to send an email out.
Have a privacy policy page and explain, in detail, how you collect and use any information about your site’s visitors.
For every opt-in form, provide (right on or next to the form) a clearly visible disclaimer statement that explains what information you collect, why, and what it will be used for. For example, “Your information will be used to send you news and information about our services”. A statement such as this means the visitor knows, before clicking the submit button, exactly what their information will be used for, and, by going ahead and actually clicking the button, is giving their consent. But you need to word your disclaimer carefully, and have a system in place to prove what the visitor agreed to when giving you their information. (The same goes for any information you get by getting a person to fill out a paper form; have a disclaimer right on that form.)
Make sure your website is secure. Take advantage of various security tools your internet service provider may have available. If you use software such as WordPress, make sure you install appropriate security plugins. If you use an online sitebuilder (e.g. Weebly, Wix, SquareSpace) make sure the software has sufficient security measures. If the software company is not located in Canada, make sure that its security features match Canadian privacy requirements.
Stay on top of international privacy law changes. For example, Europe has enacted a privacy law that must be adhered to by any company, anywhere in the world, if that company has even one client who lives in Europe. It’s no longer enough to just know the privacy laws of your own country or province.
Working from home
If you work from home, take steps to protect the information on your computer. Make sure it is password protected, so that only you can use it.
If you use your phone for any work-related purposes, make sure it is also password protected.
Don’t place your computer where anyone else in your household can see the screen.
If anyone else lives with you, don’t work in your living room/kitchen/den etc. Use a separate, private room. This is especially important if you make phone calls or have online meetings (e.g. Zoom call). It’s just too easy for your family or roommates to overhear.
If you have any hard-copy documents, keep them in a locked drawer at all times. Never leave them on your desk or anywhere where someone else in your home can potentially see them.
Don’t store any work information on thumb drives or portable hard drives unless absolutely necessary. It can be very easy to access information on such devices. If you must use them, make sure that each has its own privacy protection.
When sending information over the internet, such as via email, make sure the information is protected to prevent hackers or others from obtaining access. This is typically done by using encryption tools.
Make sure that any online tools, software, or apps that you use as part of your business (such as payment apps, registration forms) are secure and protect the data they collect.
If you use your computer for work, make sure to have a reliable anti-virus software installed and that you keep it up to date. Some viruses are meant to obtain information from your computer. Others are meant to collect contact information from your email account. You want to make sure you have methods to prevent this from happening.
Don’t open any suspicious emails. You don’t want to give possible viruses a chance to infect your computer.
If you work in an office, and also sometimes at home, make sure any documents or devices you carry back and forth are always with you. Never leave them in your car.
Those are just some of the best practices to help you ensure you are following privacy laws. But, of course, that list is not exhaustive. Privacy laws are complicated, and are becoming even more complex as time goes on. And I am not an expert, so make sure you do your own due diligence in approaching privacy laws.
But do remember, that even if you are a business of only one, you are legally obligated to protect the privacy of your clients.
Cheers,
Tim
Helping you engineer the business of you
This article is for information purposes only, and is not intended as legal advice.