From the Business Desk is a semi-regular series that looks at some of the important factors in running a Small Fiber Arts Business.  This feature looks at some of the common privacy implications that Small Business owners should have an awareness of.  Join Mr. Turtle as he looks into the practicalities of privacy and small business.

Just the other week, the United States Office of Personnel Management (OPM) announced that in addition to the estimated 22.1 million identity records that had been compromised in an illicit hack of their databases, approximately 5.6 million sets of fingerprint records has been stolen as well.  Unlike a credit card or social security number, which can be changed or re-released, this personal biometric data is crucial to keep private, something that the OPM had failed to do.

While most small businesses do not operate at the scale of the Federal Government, they are still responsible for certain privacy requirements around how customer and employee data is collected and used.  In addition to the commonly thought of privacy items like securing data from theft, there are other more subtle aspects of privacy law that govern what a business can, and more importantly cannot, do with someone’s data.  While privacy has been growing in importance with the rise of the Digital Age, it has only been recently that the general public has become attuned to it’s importance in the world of commerce.  As a small business owner, having a baseline understanding of some of the key elements of privacy law can pay dividends in protecting your business and yourself from liability.

In the United States, unlike our European cousins, privacy regulations follow a sectoral approach: each sector of the economy has its’ own set of laws and regulations.  The general enforcement for privacy constraints in the business sphere, as opposed to more regulated sectors of industry like healthcare and finance, is the Federal Trade Comission (FTC).  In its’ creation with the Federal Trade Commission Act, the body is chartered with enforcing against “unfair and deceptive trade practices and acts,” of which case law has held includes taking appropriate privacy and security measures.  For the small business owner, this is important in how you portray your business’s privacy practices to your customers and the general public.

One of the first items a business owner should consider is that if you have a web presence, you should have a written Privacy Policy.  This serves to inform any visitors of their rights to their personal data, and more importantly, your intentions surrounding that data.  This in turn allows users to make informed decisions or know that for instance using a “contact me” form on your website may lead to their email address being added to your mailing list.  Additionally, the State of California in their 2003 Online Privacy Protection Act requires such a notice to be posted on the website if you may potentially be collecting identifiable information from California Citizens.  Given the interconnected web of e-commerce in today’s world, the chances are that this may be happening; ensuring that you have developed a current and accurate document unique for your business situation can cover a lot of your privacy bases in this respect.

Another key area a small business owner should be aware of is how they conduct any email communication and marketing.  As e-mail messaging has exploded in recent years, replacing more traditional postage service mailings, many small business owners have found themselves afoul of the regulations in this space.  Email messaging in the United States is primarily governed by the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) of 2003.  In brief, the Act requires all email messages to possess a legitimate return email address and physical address of the sender, not have any false, misleading, or deceptive headers or subjects, and provide a clear and conspicuous way for the recipient to opt out of receiving future email messages at no cost to them.

Because of requirements such as these, I would recommend that any organization that intends to use email as a platform for outreach to consider selecting an Email Marketing service to assist in managing one’s distribution list.  Many of the commonly used services, such as Mad Mimi, MailChimp, or Constant Contact provide free or extremely cost effective basic plans for small business users.  These services allow the use of email formatting templates to assist in meeting all necessary privacy requirements, and additionally provide a platform by which recipients can individually manage their subscription status and opt in or out of receiving certain types of communications.  Additionally, such services assist in keeping email distribution lists secure, and ensure that when messages are sent out, recipients email addresses are not exposed to other individuals.  It is because of these benefits that any small fiber arts business should consider setting up an Email Marketing service as part of their initial business plan.

While the future of privacy law and requirements for U.S. based businesses may seem murky, a small fiber arts business can take heed of the above principals to best position themselves to be able to respond both to industry requirements as well as the overarching desires of their customer base.  By acting and thinking in the best interest of the customer, and treating customer information as you would have another company treat yours, the savvy business owner can create and maintain indispensable customer goodwill.  And that is an asset always worth having for your business.

Michael Raymond, CIPP/US

“Mr. Turtle”