Perhaps
you’ve
been
hearing
about
data
analytics,
which
is
being
promoted
as
a
way
for
even
small
businesses
to
analyze
communications
with
customers,
enhance
customer
experience,
save
money,
and
ultimately
improve
your
brand.
However,
data
analytics
can
have
big
privacy
implications.
You
may
think
of
managing
privacy
risk
as
protecting
sensitive
customer
information,
such
as
credit
cards.
As
the
Venn
diagram
to
the
right
demonstrates,
data
security
is
certainly
one
aspect
of
privacy
risk,
but
privacy
risks
can
also
arise
by
means
unrelated
to
cybersecurity
incidents.
People
can
experience
problems
or
adverse
effects
simply
from
the
way
organizations
use
data
for
business
purposes.
These
“privacy
events”
can
result
in
a
range
of
problems
from
customer
embarrassment
if
information
is
revealed
that
they
didn’t
anticipate,
to
more
tangible
harms,
such
as
discrimination
or
economic
loss.
Do
I
need
to
be
concerned
about
privacy
as
a
small
business?
Absolutely,
if
you’re
conducting
data
analytics
or
relying
on
a
service
provider
to
do
it
for
you.
Data
analytics
may
be
useful
for
improving
your
business,
but
it
relies
on
your
customers’
data.
Data
analytics
are
powered
by
machine
learning,
which
finds
patterns
within
large
quantities
of
data
and
reapplies
them
to
make
decisions
on
how
best
to
create
beneficial
business
results.
With
data
analytics,
customer
data
may
be
collected
in
multiple
ways,
such
as
tracking
customers’
activity
on
your
website
or
customer
email
interactions,
directly
asking
customers
for
information
during
the
course
of
doing
business
or
through
live
chat
and
phone
calls,
or
through
feedback
obtained
from
customer
surveys.
Data
analytics
can
reveal
sensitive
information
about
people
or
even
create
issues
of
bias
that
lead
to
discriminatory
differences,
such
as
displaying
advertisements
based
on
stereotypical
ideas
about
gender,
race,
or
economic
status.
Whenever
you
interact
with
a
customer,
it
is
important
to
protect
their
privacy
so
that
you
do
not
lose
their
trust
or
business.
I
rely
on
outside
service
providers.
Aren’t
they
managing
privacy
for
me?
It
depends.
If
you
are
unaware
of
what
your
service
provider
is
handling
for
you,
you
should
review
your
contract
with
them
to
verify
that
they
are
meeting
your
business’s
privacy
objectives.
Communication
with
your
service
provider
is
key
to
success!
Here
are
some
helpful
tips
when
working
with
your
service
provider(s):
-
Verify
that
the
customer
information
you
share
with
your
service
provider(s)
is
being
used
for
your
business’s
data
analytics
and
not
for
any
other
purposes. -
Ask
about
options
that
reflect
your
business’s
privacy
priorities.
You
might
be
surprised
by
what
is
available. -
Does
your
contract
require
your
service
provider(s)
to
provide
notice
of
any
security
or
privacy
incidents
that
they
may
experience?
Service
providers
should
be
able
to
share
this
information
so
that
you
can
better
communicate
with
your
customers,
if
necessary. -
Another
question
to
consider
is
whether
your
service
provider(s)
are
using
Privacy-Enhancing
Technologies,
or
PETs
(and
we’re
not
referring
to
Fido
over
there),
to
help
manage
privacy
risks?
Certain
types
of
PETs
enable
a
service
provider
to
analyze
data
without
having
to
access
the
actual
customer
data
itself.
PETs
help
keep
data
anonymized,
which
protects
your
customers’
identities!
What
resources
can
I
use
to
jump
start
privacy
within
my
small
business?
The
NIST
Privacy
Framework’s
Learning
Center
has
several
resources
that
can
help
you
get
started.
Have
you
ever
felt
frustrated
reading
a
manufacturer’s
long
instructions
manual?
Think
of
the
Getting
Started
with
the
NIST
Privacy
Framework:
A
Guide
for
Small
and
Medium
Businesses
Quick
Start
Guide
as
a
“speed
read”
version
of
the
NIST
Privacy
Framework:
A
Tool
for
Improving
Privacy
through
Enterprise
Risk
Management
to
help
you
get
started
on
tackling
your
business’s
privacy
concerns.
The
Quick
Start
Guide
addresses
some
key
issues
when
considering
what
your
business
needs
are
when
it
comes
to
identifying
privacy
risks,
such
as
when
doing
data
analytics.
It
is
laid
out
in
a
“Ready,
Set,
Go”
format
which
makes
it
easy
to
approach
developing
or
improving
a
privacy
program.
The
Learning
Center
also
has
helpful
videos,
ranging
from
a
fun
4-minute
animated
video
to
a
more
in-depth
webinar
with
a
panel
of
experts
using
the
Privacy
Framework
for
regulatory
compliance
and
risk
management.
There
is
a
one
page
summary
of a
Privacy
Framework
success
story
from
Arlington
County,
VA,
where
you
can
learn
how
the
Privacy
Framework
was
used
to
improve
Arlington
County’s
privacy
practices.
Lastly,
the
Resource
Repository
has
mappings
between
the
Privacy
Framework
and
different
laws
and
standards.
Privacy
doesn’t
have
to
be
overwhelming!
Using
resources
to
help
get
you
started,
being
aware
of
the
privacy
risks
your
business
faces,
and
communicating
with
your
service
provider(s)
are
important
first
steps.
Your
customers
will
be
grateful
in
the
long
run
for
taking
care
of
their
privacy.