Get to Know Customer Data and Your Data Custodians
Learning Objectives
After completing this unit, you’ll be able to:
- Identify which information is considered customer data.
- Explain the difference between the two types of data custodians.
- Summarize what data custodians can and cannot do with data.
Customer Data
The way we define customer data is that it’s the information submitted by or on behalf of a customer directly to one of your services. Customer data can take several forms and include the following.
- Personal data
- Contact information
- Account information
- Marketing data
Personal Data
Personal data involves both personally identifiable information (PII) and non-PII. PII is any information used to recognize or link an individual to an identity. It includes items such as first or last name, physical address, protected health information (PHI), location, age, and more. Non-PII is anonymous information that can potentially identify more than one person (IP addresses, device identification, web cookies, and more).
Contact Information
Contact information provides the means to communicate with a person, such as a personal or business phone number or email address.
Account Information
Account information holds critical data about a customer’s user account, including name, order, billing, interaction, and credit information.
Marketing Data
Marketing data is any information that is of benefit to marketing teams, such as competitive intelligence, market research, commercial transactions, customer feedback, preferences and interests, and other metrics.
You should define customer data in your service level agreements (SLAs) to stay in sync with your customers on what is considered customer data and what rules apply to it.
What Is Not Customer Data
Not all data your customers provide to you is considered customer data. For example, information your customers share with you via any means outside of your offered services is not customer data. This may include information your customer shares with you before they sign up for your services, or information you obtain from publicly available sources or third-party content providers.
Types of Data Custodians
Now that you have a solid understanding of privacy laws, customer commitments, privacy principles, and what’s considered customer data, let’s introduce you to data custodians and discuss how they fit into the picture.
There are likely two types of data custodians at your organization: personal and customer.
Personal data custodians are those who access and handle personal data. Some examples of personal data custodians are:
- Salespeople who have access to customers’ and prospective customers’ personal data.
- Marketing personnel who manage email and digital marketing to individuals.
- Human resources, IT, payroll, security, managers, and other personnel who have access to employee data.
Customer data custodians access and handle customer data (which can include personal data). These custodians are generally a selected group of employees within your organization who have access to customer data. Typically, customer data custodians fall under technical support operations or customer support.
While there are some requirements that apply to both personal data custodians and customer data custodians, there are typically additional requirements that apply only to customer data custodians. That’s because customer data is subject to your customer contracts and SLAs, which may go beyond what privacy laws require. Let’s look at some baseline requirements for data custodians.
Data Custodian Responsibilities
- Implement technical controls for safeguarding data confidentiality.
- Limit, authorize, and control access to personal and customer data.
- Maintain technical processes to sustain data integrity.
- Validate that data added to datasets are consistent with a common data model.
- Process, access, handle, or view personal or customer data as necessary to perform their duties.
- Adhere to policies on internal and external data sharing.
If you’re unsure about sharing personal data outside of your organization, contact your legal department for assistance.
Knowledge Check
Ready to review what you’ve learned? This knowledge check isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next to the matching term on the right. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset.
Great work!
Sum It Up
In this unit, you learned about the baseline privacy requirements that apply to data custodians. In the next unit, you learn about data security incidents and reporting requirements.
Resources
-
External Site: Harvard Business Review: Be a Data Custodian, Not a Data Owner
-
External Site: Indicative: What Is a Data Custodian