Our information is everywhere these days — and at risk more than ever. If you’re one of thousands of people who have received emails from big box stores apologizing for financial data breaches, you know the feeling of dread that your personal information might be floating around out there — and potentially in the wrong hands.

Small businesses are also challenged to gain and retain the trust of their customers.

Are you thinking and acting in the interest of your customer when it comes to these three types of information?

Social media and online content

If a happy customer shares a testimonial or photo on social media, by all means, share it; It takes two seconds to retweet or share on Facebook and helps your business shine.

You can also ask them to send in their own pics, perhaps in the comments section of a Facebook post. Or they can upload pics of themselves using your product with a special hashtag. You can run photo contests on Instagram. Be creative with engaging your customers on social media.

But if you’re receiving information in other ways, it’s best to ask if you can use someone’s photo or quote. Better yet, ask them to fill out a photo release form. Not all customers may wish to be photographed in your store or have their identity shared on your social media accounts.

It may feel awkward, but the more you ask, the more comfortable it will become. A few examples:

  • “You look great in that dress. Would you mind if I took a photo to share on our Facebook page?”
     
  • “Look how much your little girl loves her ice cream cone! May we take a photo for social media?”
     
  • “Thanks so much for the kind email you sent us. Would you consider giving us permission to share your comments on our website?”

Health information

When you visit the doctor’s office, you’re protected by the Health Insurance Portability and Accountability Act (HIPAA), which ensures that your health information is both easy for you to access and also kept private by your healthcare providers.

While your business, such as a health and wellness center, spa or other gym, may not actively seek medical records from your clients, you may be holding on to their personal health information reported on registration forms or other paperwork.

It’s a good idea to familiarize yourself with the privacy policies of similar businesses in your industry, and be sure to implement such a policy for your own client records. Whether you’re storing files in your office or in the cloud, it’s always a good idea to keep them secure.

Financial data

If you collect customer payments through your ecommerce site or a cloud-based service, they may have questions about how you store and use their personal and financial information.

If you need to keep credit card or other billing information on hand for recurring orders or security deposits, be sure to encrypt that data online — and never leave it scribbled down on a piece of scrap paper in your desk drawer.

Monitor how much time your team members spend with access to customer payment data, and put measures in place to keep private information private.

If you don’t have a policy for how customer information is stored and used, it’s time to write one — and have it handy in case a potential customer asks about your business practices. 

Not sure if you’re doing enough to protect your clients’ information? Meet with a SCORE mentor to review your company’s policies and practices.