Your Brand May Be Compliant, But Are Your Tech Partners?
Data privacy remains a hot issue for the retail sector, with more than 70 percent of shoppers in the U.S. worried about how companies use and collect their personal data. After massive data breaches at some of the nation’s largest retailers, today’s retail companies are being held to a higher standard of compliance than ever before. And while your company may be compliant with new data privacy and protection laws, you need to make sure that your technology partners are just as accountable.
Chances are that you’ve heard of HIPAA, GDPR, and CCPA, regulations that require companies to provide safeguards and extend rights to their customers’ personal data. But what about SOC 2, one of the most important data security compliance certifications that many technology partners have yet to obtain?
What is SOC 2?
SOC 2, which stands for system and organization controls, was developed by the AICPA as an auditing procedure to ensure that data stays safe from risk and exposure. It applies to any company that relies on the cloud to store data, which includes all of today’s SaaS companies.
SOC 2 defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality, and privacy.
SOC 2 goes well beyond ticking the compliance checkbox and passing the audit test. It provides retailers with an extensive view of the security and privacy measures that the vendor takes and requires long-term, well-defined internal practices and procedures to protect against data breaches and protect sensitive shopper information. When a technology partner makes this significant investment of time and resources to obtain SOC 2 compliance from an independent third-party auditor, retailers can rest easier knowing that their customers' personal data, which they've entrusted to a technology partner, is covered under this gold star-level of protection.
Picking the Right Tech Partner
Given how rapidly retail companies are moving to cloud-based services and the ballooning number of cloud-based security threats, choosing technology partners that have the right compliance controls in place becomes exponentially more important.
Just as you expect the top hospitals to comply with HIPAA to protect your medical records, you should expect the top tech companies to comply with similar, relevant certifications. In addition to SOC 2, the General Data Protection Regulation (GDPR) serves as the European Union’s overarching framework for protection of personal data, and the California Consumer Privacy Act (CCPA) sets a new standard for rights that California consumers have regarding the personal data that businesses collect about them. If you're considering selecting a technology partner that doesn't comply with today’s regulations, think again.
Why Compliance Matters
Partnering with a technology vendor that has not demonstrated its compliance and commitment to data security by going through the rigor of independent third-party security audits can put your brand at risk for data breaches, which can lead to expensive court hearings, administrative fines, and permanent damage to your brand reputation. In addition, it becomes increasingly difficult to build trust with customers who expect full transparency and security for their data.
On the flip side, retail technology vendors that have achieved the highest levels of compliance certification can gain competitive advantage by offering their retail clients protection of their data and their reputations. In turn, this provides retailers the ability to assure their customers that their data is safe from cyberthreats, leaving retailers to focus on using the data to build more personalized customer relationships.
Taking seriously the trust that your customers place in you when they hand over their personal data means conducting extensive due diligence to select the optimal retail technology partner. If they come without SOC 2, it’s best to continue searching until you find a partner fully equipped to handle the security, availability, integrity and confidentiality of your customers’ personal data.
Brad Birnbaum is chief executive officer and founder of Kustomer, an omnichannel customer service platform.
Related story: Why Now is the Time for Retailers to Adopt a D-to-C Mind-Set