3 Gamechanging New Year’s Privacy Resolutions for Your Business in 2022

As the new year approaches, it’s time to consider your resolutions for 2022. Business owners often reflect on how they can increase profits, cut costs, or otherwise improve their financial health. But we would hazard a guess that relatively few are making privacy resolutions for businesses in 2022.  

Given the current climate of increasing customer expectations and enforcement, we would argue that there’s no better time than now to start resolving to improve your privacy practices. The below three privacy resolutions are a great place to start:  

3 Privacy Resolutions for Businesses in 2022 

1. Get rid of dark patterns on your website.  

Dark patterns are design features built into websites or apps that make it more difficult for users to provide informed consent about or otherwise manage their privacy. Examples of the use of dark patterns are features that require users to click through multiple pages to change their privacy settings. Other ‘digital traps’ associated with use of dark patterns include: 

• forced continuity programs that make it difficult to cancel charges, 
• trick questions to frustrate user choice, and 
• ‘free’ trials that automatically convert into paid memberships. 

If your website design or other business practices make it difficult for users to manage their data, privacy, or even their account settings, it’s time to rethink them. Consumer expectations about their ability to manage their account settings and privacy are only increasing and failing to meet these expectations can lead to reputational damage, loss of trust and decreasing customer loyalty.  

Removing Common Dark Patterns 

At a minimum, your business should:  

• Obtain and keep records of your users’ clear and unambiguous consent. 
• Make it possible for users to see and manage their privacy settings with just one click from within their account dashboard on your website. 
• Make it possible for users to delete their data and/or their account from their dashboard within 1-2 clicks. Do not obscure these settings.  
• If you charge users a subscription, make sure they can cancel their subscription within 1-2 clicks fromtheir account dashboard. It should be clear where they manage their payments, too.  
• Use very clear, plain language when describing your privacy practices.  
• Ensure the easy-to-understand privacy practices information is visible and/or easily available whenever a user makes a change that impacts the handling of their personal data or privacy.  

2. Make time to address your data retention issues.  

The more data your business collects and stores without securely disposing of it (or having a plan to eventually securely dispose of it), the greater the risk that data poses to your business. All businesses should have policies and procedures in place to manage personal information throughout its lifecycle. If your business hasn’t taken the time to ask and answer all the below questions, it’s time to address your data retention risk:  

1. Are you only collecting data that serves a legitimate purpose for your organisation’s operations or functions?  
2. Do you keep an accurate inventory of the types of data being collected and stored, including details of where the information is stored and whether any backups exist?  
3. Is there a governance process in place to track the personal information your organisation collects throughout its lifecycle? 
4. Have you considered and documented milestones outlining the point at which that organisational purpose will have been fulfilled? 
5. Have you considered and documented any statutory retention periods relating to some or all of the personal data you collect?   
6. Do you have policies and processes in place to ensure that data which has fulfilled its purpose is securely and permanently destroyed? 
7. Do you staff know about and understand the importance of proper privacy hygiene at your organisation, including how to achieve it in practice? 
8. Are there checks in place to ensure the personal information (and any copies) are being securely and permanently destroyed at the end of its lifecycle?  
9. Is there a person who is accountable for overseeing this process and for the outcomes of the process?  

3. Resolve to make privacy a strength for your organisation. 

In our recent article about how organisations can make privacy their competitive advantage, we outlined that strong data privacy practices can (according to CPO):   

• Reduce the harm caused by data breaches.   
• Increase consumer trust and loyalty.   
• Drive sales.  
• Attract new customers.   
• Improve customer relations.  
• Help your organisation meet customer expectations.   
• Support innovation.   
• Decrease risk. 

We are seeing more businesses recognise both the benefits of privacy and the risk it poses, without having the resources or in-house knowledge to properly manage it. There are three ways to overcome this knowledge gap:  

1. Empower your team to address privacy risk internally through privacy training. 
2. Outsource privacy to a privacy consultant. 
3. Implement privacy enhancing technologies. 

The team at Privacy 108 is here to assist, no matter which option you choose.  

Contact us to ensure 2022 is the year you achieve your privacy resolutions for businesses.