Gallup asked Americans to say how much confidence they had in institutions. The most trusted was the military at 73%. The second? Small business at 68%. Where was big business? 23%.


Of course, that makes intuitive sense. Maria, who owns the nursery around the corner from my home, has watched my kids grow up coming to their Fall Festivals, cookies with Mrs. Claus, and special Easter Bunny events. Ron, the shoe guy, has made all of our shoes look like new, and knows my daughter always needs her left shoe stretched a little more than the right one. Mike, at our local pizzeria, knows our family's order and ensures we get our favorite table. Taylor, at the local photography studio, has taken incredible photos of our children each Christmas for years.


I know them. They know me. And I trust them when they say they can or can't do something, and at what price. I have no such confidence in Amazon who has employees wearing adult diapers to meet quotas. In 800 Flowers which has never delivered any arrangement that looks like the picture on their website. And I figure just about every big business is out to take my money and give me the crappiest thing they can get away with. And that's not just my opinion according to Gallup.


So we, as small business owners, can build on that innate trust and create raving fans who LOVE our businesses. And keep coming back for more. As we all know, people do business with those they like, know and trust.


One way we can help build trust with our clients is by having privacy and data security policies that show we care about our clients and their information. If we have a website, there should be links to those policies that they can read.


What should be in a privacy policy?


First and foremost, it should tell what information we collect from clients and prospective clients and why. I always encourage my clients to collect on the data they really need. For instance, generally, you need personal information from your client or customer in order to properly provide goods and services, and to receive payment. If it isn't advancing those goals, you don't need it. (And, honestly, people resent having to give more information than needed. I know a number of websites I've dropped off of because they got too nosy for what they were offering.)


Once you've told them what you're collecting and why, you need to tell them exactly how you'll be using it. This is similar to why but it gives more detail. It allows them to see how you are treating their data.


Third, you need to tell them how long you're going to keep the data. Is this kept only to process the transaction, to fulfill the order, forever? How long is that information out there?


Fourth, you need to tell who will have access to the information. Do you share it with third parties? If so, why? If it's to process their order or provide services, that's one thing, but we know that consumers hate their information being sold to others for more marketing. I always advise against that.


Next, you need to tell them about the steps you take to protect their information. This does not have to be in great detail, but assure your clients that you are aware that this needs to be protected, that you restrict access to those who need to know you take reasonable measures to protect the data, etc. Of course, that needs to be true and we can discuss that more.


And finally, you should give them someone to contact to ask questions and/or to opt out. It doesn't have to be an individual's name but at least an email address that will go to the right person. You can explain the consequences of opting out (i.e., you may not be able to get the goods and/or services), but you should honor someone's request to no longer provide the information.


Francine E. Love
Connect with me
Founder and Managing Attorney at Love Law Firm, PLLC which dedicates its practice to New York business law