In the Trenches: Handling Sensitive Customer Data
I just got back from a week on the road, and as usual, it was exhausting. Being in a bunch of different places is one thing, but then having to run a business on top of it really drains me. I need to get others to be able to take my place, but there's one thing standing in the way: the money.
No, not spending money. Taking it from our customers.
There are really two tasks that can't currently be done by other people in the company, and they're related. One is booking travel, but that's just because nobody else knows how to use the system yet. I can train someone or find someone with a good background in the system I use and the problem is solved... except for one small piece. That's where the money comes in.
Today, I'm the only who handles sensitive information. We don't deal in social security numbers or anything like that, so it's really mainly focused on credit cards. There are a handful of times when clients need to use their cards.
- If a client signs up over the phone (if they do it online, then we don't need the number)
- If we need to book travel for a client
If one of our concierges is working with someone who needs to book a flight, then I talk to them directly to get the credit card info. The reason? Security and privacy. I take customer data security very seriously, and when I let others start handling that data, it suddenly becomes a much bigger issue. I'm not even sure I fully know what needs to be considered, from a legal standpoint, when dealing with this.
Clearly I'd need to make sure that there is something in the customer contract that talks about responsibility of the concierge or employee. I'm sure I'd need to create an internal policy for data handling as well. I'd also need to make sure I had insurance to cover any issues that might arise. Background checks? Maybe. I can probably think of a million hoops to jump through before letting someone even touch a credit card number.
But that's largely guesswork. What do I really need to do to protect myself and my customers? Anyone have good resources on this?