The 1998 Data Protection Act significantly changed the use of customer data. Paper records must now comply, as well as computerised records. Companies must be open about how they use data and must follow sound information-handling practice. The Act gives every individual access to information held about themselves. All data users must register with the Data Protection Registrar and comply with the principles of the Act.
Companies should use customer data to benefit customers. Many simply hold data without using it. The issue of regulation for the Internet is a difficult one.
Companies must ensure the data they hold is accurate and up to date. Get customers' permission before passing data or continuing to contact them. Reassure customers that you treat their data with the highest levels of confidentiality. Use data, within the spirit of the Act, to contact customers with information that you believe may be of interest to them. Make it easy for customers to respond or change their details.
Understanding the Data Protection
Data protection is a legal requirement for all employers. But do you really understand what it means? Data held on computers is governed by the Data Protection Act 1998. The Act puts in place eight principles to make sure that your information is handled properly. These principles require that data must be:
By law data controllers (the person nominated by a business to manage data on its behalf) have to keep to these principles. These principles put a significant obligation onto business. They require that information stored on computerised records (this includes databases, email records, electronic documents and other electronic communications and may cover personnel records, minutes and other sensitive information) must be accurate, kept only for a specific purpose and for a specific period of time, and importantly, that information be kept secure.
Data Protection Act FAQs
How do I know if my data has to comply with the Act? - Even if you only hold a small number of customer names and addresses, they constitute data under the terms of the Act. If in doubt, check.
My company is part of a larger group, can I pass customer data to other companies in the group? - You should ask the customer's permission before passing data to any other parties, even internal ones.
How long can I hold data on a customer? The Act does not specify a time limit, but recommends that it should not be held longer than necessary. It is in the spirit of the Act that you should not just hold data, but should use it to benefit the customer, for example, by providing them with information that you believe is useful.
What happens if data is inaccurate? According to the Act, data must be accurate and up to date. That puts the onus on you to maintain it properly and check with customers that it is accurate.
Making It Happen
Check all your records - the use of customer data changed significantly when the 1998 Data Protection Act came into force. The 1994 Act only covered data held electronically which could be processed on a computer. However, the 1998 version included paper records.
Paper records must comply - in theory this means that if you have a box of file cards with names and addresses, you should register that information with the Data Protection Registrar (DPR). Many sales and customer service teams still use this type of filing, even in relatively large companies.
Use data properly - the basic premise behind the Data Protection Act is: if you have data, use it properly. The Act works in two ways: -
Register your business for the data protection - under the Data Protection Act, all data users must register with the DPR. Once registered, users must comply with the principles contained in the Act. They must: -
Use customer data to benefit customers - not all companies comply with the spirit of the Act. According to research, some of the organisations holding most data, particularly in financial services, don't seem to use it at all, resulting in poor communications with customers. Many companies have simply been collecting data and not really putting it to good effect.
The data is itself very valuable, but customers may feel that they have handed over a great deal of information on their lives without seeing any benefit. The issue of data collection becomes even more complicated with the growth of the Internet. Not only will data collection be faster; consumers will expect higher levels of service than ever.
Be aware of Internet data - the issue of regulation for the Internet is a difficult one. The World Wide Web is based on principles of freely available information on a worldwide scale. However, consumers need to be protected so that they can use the Internet with confidence.
Check data accuracy - recent changes to the Data Protection Act mean that companies must ensure the data they hold is accurate and up to date. As part of your commitment to customer service, you should aim to offer customers useful and timely information that meets their individual requirements. To do this you might hold contact details, together with information on customers' personal interests which they have provided in the past. Because circumstances change, make sure that you have your customers' correct details and check that they are happy for the company to continue to contact them.
Customers have a right under the Data Protection Act to ask for a copy of the information you hold on them and to have any inaccuracies corrected.
Get the customer's permission - ask customers to let you know if they do not wish you to give this information to other parties. Tell them that you would like to continue contacting them. However, if the customer prefers you not to, ask them to let you know. If they do not reply within a specified time frame, tell them that you will assume that it is okay to continue contacting them.
Reassure customers about Data - customers should be assured that you treat their data with the highest levels of confidentiality. You should not disclose their information, without their consent, to third parties, any party within your own organisation, dealers or other organisations acting on your behalf.
Use the information to maintain contact - if you have data, you can use it-within the spirit of the Act-to contact customers with information about products and services that you believe may be of interest to them. You can also use the information for marketing, research or sales tracking purposes. Customer names and addresses may also be used to process orders and maintain accounts with the company or its dealers.
Make it easy for customers to respond - allow customers to respond to requests for permission or change of details by post, fax or e-mail. Let them know that they should reply if they would like you to stop contacting them, or if they want to change contact details. Provide a helpline that customers can call if they need any further information on your data policy or on the data you hold.
Storing data and not using it - the Act says that you should not hold data for longer than necessary. Consumer attitudes say that they should see some recognisable benefit for providing the information. Using inaccurate data - the onus is on the company to ensure that data is accurate. This means contacting customers to ensure that information is up to date and accurate.
Failing to register data - the 1998 version of the Act widened the scope of data protection to include paper records. Even small organisations with apparently simple customer records must comply. Making it difficult for customers to respond - the Act says that you must give customers access to any data you hold on them. That means you must make it easy for customers to contact you.