There's been much in the news of late regarding the tension between (national) security and (personal) privacy. Apple vs. FBI, UK Gov's Investigatory Powers Bill, various anti-encryption proposals in the US and elsewhere, all putting security and privacy at odds with each other. There is another side to the story, however.
If you are a custodian of data about your customers - a Data Controller in the dry jargon of UK Data Protection Law - then you have a responsibility to take adequate measures to prevent that data from being accessed by unauthorized people, or being stolen. In effect, you are accountable to your customers regarding their right to privacy. It's not really your data, it's theirs.
A recent report by KPMG (Small Business Reputation & Cyber Risk) suggests that over half of small-business customers would be discouraged from using a company that had suffered a data breach, and that 90% of them are concerned about the safety of the data that businesses hold about them. In short, consumers - your customers - take their data privacy seriously.
It's not just about privacy, either. The issue of identity fraud is extremely serious, and growing, and at least some of the data used by cyber-criminals to impersonate people is gathered from personal information leaked by security breaches.
The KPMG report also claims that 86% of procurement managers would consider removing a business from their supplier roster after a breach. This is also a grave statistic for small businesses that fail to take their information security responsibilities seriously enough.
Which brings me neatly to my final point, also highlighted in that KPMG report. Over half of the small businesses surveyed think it unlikely - or even highly unlikely - that they would be the target of an attack. And yet, another recent survey by PricewaterhouseCoopers (commissioned and sponsored by the UK government - Information security breaches survey 2015) reports that 74% of small businesses had suffered some form of data breach in 2015.
Your customers value their privacy, and trust you to safeguard their data. It's your security that protects their privacy. If you don't take your own cyber-security seriously enough, you risk losing that trust.