You could probably guess that over the last few months you weren’t the only one getting bombarded by new privacy policies from dozens of businesses that you forgot you were even subscribed to. Since the GDPR went into effect in May, there has been a fundamental shift in the way companies deal with customer data. Additionally, customers are more conscious of their personal data privacy than ever before and as new regulations are passed and implemented, it is becoming more and more important for businesses such as lead companies to assemble a comprehensive plan to manage all of their customer data.
This is not meant to sound like an indictment of your business if you don’t already have a full security strategy in place. This entire shift is actually a very good thing. What is good for the customer is good for the industry. What is good for the industry is good for your business.
So instead of drumming on about how important it is to keep your lead data secure, we thought we would give you some concrete suggestions that you can either use directly or use to help you start thinking about what will work best for your business.
In-System Security
The single easiest and most common way for your customer data to be compromised is via internal means. This could come in the form of an employee intentionally or even inadvertently sharing personal customer information. Step one of data security is to plan for this scenario.
Login Security: Require email authentication upon each login or each login from a new device.
User Groups: Identify the permissions for each individual user or user groups and never give access that is not essential for any given user.
Field Encryption: Automatically encrypt sensitive fields once they are posted into the system. These sensitive fields are encrypted both in the front-end system as well as the database.
Secure Mode: Enable Secure Mode to view encrypted fields. All action taken in Secure Mode is logged to record individual user activity.
Lead Field And Database Security
The only guaranteed way to ensure the security of your customer data is to delete the fields you don’t absolutely need as soon as possible.
30 Day Field Cleanup: Our rule of thumb for typical U.S. lead verticals is to keep personal data no longer than 30 days. At 30 days, your system can automatically clean all personally identifiable information (PII).
Real-Time Field Cleanup: For more stringent security and especially for any business that does leads in the EU, it is important to immediately clean the system and database of PII after the lead is processed.
Historic Data Cleanup: Like the above lead cleanup methods, it is important to clean all old or existing data in your lead system of PII.
Secure Data Retention
Before cleaning your existing data or cleaning fields in real-time, you may be tempted to download or export your data for safe-keeping. However, we do not recommend this, unless certain precautions are taken.
Secure S3 Export With Data Encryption: If you absolutely need to retain specific lead information before it is totally wiped from your system, there is a secure method to export and encrypt this data in your Amazon Web Services account. This gives you the luxury of retaining any necessary information with the security of Amazon's S3 storage.
Each of these methods and tools outlined above can be used together to make an air-tight data security plan that works for you. If you are a boberdoo user interested in building your security plan, you can view a full outline of all of our security features. Once you're ready to get started, please open a support ticket and we'll help you get set up. If you are not a boberdoo user, but are interested in using the most robust and secure lead distribution software on the market, please fill out the form below to get started.