In the wake of the eCommerce boom, the security and privacy of customer data has become perhaps the defining issue for businesses and consumers. In an increasingly interconnected and digital world, billions of data points on millions of consumers are accessed and stored by businesses every day – in Australia alone. Retail, one of the industries that has ridden the digital transformation wave more than most, is particularly at risk.

In fact, research by Zoho has revealed that as many as 600,000 Australian SMBs, many of them retailers, could potentially face irreparable financial and reputational damage from a privacy breach. With 43% cyber-attacks targeting SMBs, privacy is a growing problem for businesses of all sizes  – particularly small retailers who might lack the resources and expertise of bigger brands. Understanding and addressing their risks is crucial for retailers to maintain consumer trust and businesses reputation.

Risk to regulation

Zoho’s research underscores the vulnerability of Australian SMBs and retailers to privacy breaches, with one in four businesses admitting they would not survive the financial or reputational damage of a breach. As major cyberattacks on prominent organisations like Medibank and Optus continue to make headlines, awareness is increasing, which is positive but action is still lagging.

While 75% of respondents ranked data privacy as either their top priority or important, only 44.4% have a well-defined customer privacy policy in place. One third have become more concerned in the wake of major breaches, but have still not taken steps to mitigate their risks. This discrepancy between awareness and action reveals a critical gap that retailers must urgently address, particularly as new legislation approaches.

To combat privacy breaches – which are increasing in severity and regularity – the Australian government is contemplating significant reforms to The Privacy Act 1988. Currently, small businesses are exempt, but under proposed reforms they will be liable to hefty fines and penalties for infringements or failure to comply.

Despite this impending shift, Zoho’s research found that only 51.8% of respondents believe their businesses understand their requirements under The Privacy Act 1988. Furthermore, one in four (22.9%) actively admit to not understanding what is required of them.

Developing a privacy policy

A privacy policy is a key tool that helps businesses manage personal information, and their requirements, in an open and transparent way. A privacy policy cannot prevent a breach, but it helps retailers comply with legislation, understand how to react to a breach, and take a more proactive approach that should minimise their risk of an incident in the first place.

The key to developing a sound privacy policy starts with an overview of the personal information you hold, as well as your personal information handling practices, procedures and systems. This will enable you to accurately describe and summarise how you currently handle personal information. You may have some of this information already, or you may need to carry out an audit and make a list of the personal information you have on hand, or develop policies and procedures if they are missing.

Think about your customers first. Remember, this document is for them and to help them better understand your privacy practices. Keep it simple so your customers – and employees – can understand the policy. It should be a document that creates trust and transparency, not more confusion. Don’t be generic; make the privacy policy specific to your business or operation. If it’s specific to your business, it’s easier for your employees to communicate and enforce, and for your business to respond if it is the target of a breach.

No business, big or small, is immune. But a privacy policy is an effective first step in building consumer trust, employee awareness and business contingency. Zoho’s research serves as a wake-up call for retailers and SMBs across Australia, highlighting the urgent need to bridge the gap between privacy awareness and action.

As consumer demands for privacy and security increase, and legislation becomes more stringent, retailers must take proactive steps to train their staff, communicate with their customers and understand their requirements as a business. If they do so, they can have peace of mind that there are safeguards and processes to make their business and customers safer online.

Vijay Sundaram is chief strategy officer at Zoho.