Over the last 18 months, retailers across Australia have embraced digital technologies to alleviate the immediate impacts of the pandemic and build their long-term digital foundations. Once-traditional businesses are now innovating, using eCommerce stores, CRMs, digital marketing and more to cater to tech-savvy consumers. However, as our reliance on the internet grows, so too do online risks.  

The Australian Cyber Security Centre received more than 67,500 cyber crime reports from June 2020 to July 2021 – a 13 per cent increase on the previous year. Not only are attacks increasing in frequency – one is reported every eight minutes – but they’re also increasing in severity too.

A breach can cause severe financial and reputational damage. With so many retailers still contending with the impacts of the pandemic, a breach could – in some instances – be business-ending. And if it’s not immediate, the reputational damage can be very hard to recover from.

Reforms to the Commonwealth Privacy Act are currently in motion. Some – but not all – retailers must be compliant or risk significant punishment. However, as a matter of best practice, all retailers should understand the issue and have safeguards in place.

Unfortunately, Zoho research found that just 31% of retailers have a defined, documented and enforced data privacy policy. The majority either don’t have a policy, are unsure, or don’t enforce theirs. As the shopping season looms, data privacy becomes even more important. To harness the potential of a digital presence and alleviate the risk and impact of a breach, awareness, education and action must be a top priority.

Education and awareness

Data privacy is one of the defining issues for the business community today. Unfortunately, confusion, uncertainty and inaction reign supreme amongst Australia’s retailers. It’s still too easy for retailers – particularly small and medium businesses – to forgo their responsibilities as a business that directly (through online sales) and indirectly (through automatic third-party cookies) collects data.

However, the threat and the potential cost is real. With tens of thousands of retailers catering to millions of Australians online, and the amount of personal data exchanged growing by the second, the risk and cost are increasing.

The technology industry must help educate businesses about data privacy, what data their platforms collect, where it’s stored, how and why it’s used, and what retailers can and should do to minimise risk. However, according to Zoho’s research only 20% of retailers believe that vendors have done a good job of explaining how data is used.

Meanwhile, policymakers must ensure that data privacy policies are realistic and empowering, that smaller retailers have time and support to become compliant and that they’re not overburdened with stifling regulation. And collectively, both should help retailers implement safeguards that protect their business and their customers.

Turning awareness into action

Presently, only businesses earning over $3million AUD, and select others, must be compliant with the Data Privacy Act. However, whether mandatory or not, all retailers are responsible for protecting their business and customers. Creating a data privacy policy ensures you’re actively thinking about, and acting on, your responsibilities.

As a bare minimum, a privacy policy should outline what information your business collects directly and indirectly; what information you might collect in the future; how you collect, manage and share it; and how third parties like Google and social media collect and use information from your customers. It should also inform your shoppers that they might be making their personal information available to you through Cookies, even without them proactively doing so.

Beyond a privacy policy, there are other steps you can take to safeguard your customers’ information. Data encryption ensures that hackers cannot unlock personal information. Monitoring software constantly scans your website for unscrupulous activity, and fixes vulnerabilities before they become potential breaches. Password managers that organise your sensitive passwords and protect your business from potential threats is another simple safeguard.

Technology like Zoho, for example, does not contain third-party cookies that indirectly track your customer’s data without you or them knowing. At the same time, all our solutions are built with privacy as the core foundation, rather than an afterthought. Educating your staff about safe housekeeping instils an important culture and gives you and your customers peace of mind that measures are in place.

Running a retail business in a COVID-normal world will be dependent on collecting more data – for health and safety and as a strategic advantage – than ever before. However, if the industry makes education a priority, and businesses guard against threats, retailers can create safe and sophisticated digital strategies that will be the hallmark of success for years to come.

Vijay Sundaram is chief strategy officer at global technology platform, Zoho.