Many websites only provide information to people, or there is limited information stored, such as a login and password. Even though in most cases passwords are encrypted, and nobody can access them, you need to ensure that you’re up to date on security patches and understand who has access to your system to see this information.
When you start storing customer data, and especially when it’s Personal Identifiable Information (PII), you need to look at how you handle consumer privacy and at the level of protection of the data you’re storing on behalf of your customers.
Follow us for a deep dive into why customer privacy and data protection are important, as well as some tips on how to get started.
Do you want to know more about websites?
CMS? Server? Websitebuilder? Plugins? Puzzled by all those terms? We will explain everything in our free guide.
Customer privacy and data protection: why is it important?
Personal Identifiable Information (PII) is the information you store on your customers that lets you identify individual customers, such as names, addresses, emails, credit card numbers, and even IP addresses.
It doesn’t matter what size your company is; there are always people scanning for vulnerabilities that will allow access to customer data which can be stolen and used for nefarious purposes. Whether that’s to use credit card numbers to make purchases, or even attempt identity theft, or get access to other systems using the information you store.
Your ability to implement solid consumer privacy and information protection strategies is extremely important for you and your customers.
Issues for customers
If your website exposes customer data, it’s a major problem for the customers. They need to cancel credit cards, update passwords, and then be on the lookout for identify theft depending on how much information was stored on your website and what the attackers took.
Issues for you as a business
For you as a business, it can have significant implications as well. You open yourself up to lawsuits and fines that could put you out of business if they’re too large for you to pay and continue operating.
You may think that it can happen to anybody, but each jurisdiction has differing requirements for what you must do when storing different kinds of customer data. If you fail to meet those requirements, then that’s when you start getting fined and have lawsuits filed against you.
You also have the issue that your customer base is aware that their information was not safe with you and is now in the open, which can damage your relationship with your customers, which can also impact your business as a whole if they stop purchasing or using you.
Website privacy and security: how to secure customer data on your website?
There is no single approach that every website can take to secure customer data. However, there are steps you can use to implement your own policy around how to handle it so that you can implement specific tasks and requirements for your business.
Keep your website software up to date
One of the most critical components is to ensure that you keep all of your website software updated. That means applying patches and upgrading often, especially when security patches come out.
You’ll need to document what software you’re responsible for, whether that’s just the website framework like WordPress or whether you’re also responsible for the Operating System and Database. Make sure you have a plan for upgrading your software, and checks in place to make sure that happens.
To learn more about how to keep your website secure, check out our FREE website guide!
Check the laws for the jurisdictions you have customers in
Every jurisdiction has different privacy and data protection laws, so you need to look at and find what those laws and requirements are for every jurisdiction you operate in.
The EU, through the General Data Protection Regulation, has stringent regulations around the storage and security of digital data.
Once you understand your requirements, you must implement them and ensure that you’re continuously checking to ensure that when things change and new regulations come in, you’re able to update your policies.
How to protect your customer privacy on WordPress
Protecting the privacy of your customers should be an ongoing process, whether that’s regarding software updates or policy updates.
You also need a customer privacy policy that customers can read to see what information you store and how long you hold it for. You may need to give customers a way to access a copy of the information you store, and a way to delete the information from your website.
You may also need to request specific content to store customer data, even if users aren’t logging into the site. So ensure that you’re aware of those requirements and install Privacy Content plugins so that users can decide if they want to continue and have their information stored by your website.
There are some general steps to help protect your customer privacy on WordPress.
Use a known and secure website hosting service
Enable SSL for your website
Limit WordPress plugins to only those you need, and review any that aren’t being updated
- Install the Wordfence plugin to monitor and report on issues with any of your plugins
- Add an IP/Country blocking plugin so that users living outside your customer locations can’t access your website
- Secure Accounts
- Add 2 Factor Authentication (2FA) for admin accounts
- Ensure you remove admins that no longer work with your website
- Force strong password policies so basic passwords can’t be used
- Limit login attempts and lockout users that try too many
If a customer requests deletion of their data, you should be aware of the Erase Personal Data tool that WordPress provides by default now. You’ll find this under Tools > Erase Personal Data.
WordPress customer data: how to create a privacy policy for your website
WordPress offers two built-in tools that help you create a customer privacy policy. They are the Privacy Settings and Privacy Policy Editing Helper.
The examples and helpers in both of these tools are just starters, so you need to ensure that your privacy policy is comprehensive for all jurisdictions you operate and covers all scenarios specific to your website and business.
Privacy Settings
Privacy settings will help you get the primary sections started on your customer privacy policy and provide some examples that you’ll need to review and modify to be specific to your site and the data you collect. You can find this tool under Settings > Privacy.
Once you get the basics, you can add as many additional sections or other vital information in your consumer privacy policy.
Privacy Policy Editing Helper
The Privacy Policy Editing Helper is part of the Privacy Settings, but it pulls information on WordPress core and all your plugins. So you can quickly detail what and where information specific to WordPress is being used and stored.
Need help with customer privacy and data protection?
Mowgli builds and maintains secure websites for businesses around the world. If you’re looking for a partner to update your current system or assist you in making sure you’re aligned with current regulations. Get in touch with our team today.