How many of us take the time to read privacy policies and notices on web sites? If you are in the B2B marketplace, it may be worthwhile for you to review a prospect’s privacy information prior to making your initial contact. Why? Many businesses are requiring that their vendors have a privacy program protecting customer and employee information just as that business would. You may find that a business’s privacy notice contains a statement similar to this from P&G regarding third parties receiving personal information:
We require these companies to protect this personal information and to not use the information for any other purpose.
Companies such as P&G are looking to protect their customers’ and employees’ information just as if the data were being handled by the company itself.
The number one privacy question I have seen asked during a sales process is “Are you PCI/DSS compliant?” If a customer company is allowing the use of credit cards for purchases, they want some assurance that proper precautions have been taken to protect the credit card information. PCI/DSS compliance provides this assurance.
Another question usually asked is “Do you have a Written Information Security Plan?” A WISP defines who is responsible for information protection within your organization, how the data is protected, and how a data breach would be handled. Businesses that have customers that are Massachusetts residents are required to have a WISP under MA 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth, but it is a good idea for every business to have a WISP in place.
Businesses are also interested in whom their vendors share information with. These businesses want to be sure the information is protected appropriately regardless of where it travels.
All of these questions can be answered if you have a privacy program in place. Lacking a privacy program, or being unable to meet the privacy requirements of your prospects, may have you leaving money on the table.