How to Be Ethical and Responsible When Collecting Customer Data

May 7, 2019 | Security + Integrations, Tips and Best Practices

Data security regulations are growing stronger and more pervasive than ever, meaning business professionals that engage in collecting customer data need to do so in a responsible manner and be aware of any consequences of not properly collecting this data. Whether your organization is bound by requirements such as HIPAA or the GDPR or not, using good judgment and transparency when collecting personal data is a must. When creating a new web form, start by considering these three tips.

Don’t Ask for More Data Than You Need

When it comes to collecting customer data, more data isn’t always better. After you collect a piece of data, it’s up your organization to keep that data secure, especially if it’s PII (personally identifiable information) or other sensitive data, such as social security information or PHI (protected health information).

When you collect only the data you truly need, you have less sensitive data to keep track of. It’s best to consider if information is truly needed before you ask your customers to provide it. If you need more control and governance over your sensitive data, a feature like FormAssembly’s Sensitive Data Management can be beneficial.

Pay Attention to Applicable Regulations

If HIPAA, GDPR, or some other data privacy/security regulation applies to you, there may be a whole host of other requirements. These regulations may include what data you can collect, how you must collect, what kinds of data collection platforms you can use, and more.

Learning about these regulations, however dense or onerous they may be, pays off in the long run as it can help you avoid large fines and other consequences.

Practice Transparency with Customers

The GDPR requires organizations or entities collecting data to be transparent about who they are, how a respondent can contact them, why they’re collecting information, and more. For organizations not bound by the requirements of the GDPR, this is still an excellent way to practice good data stewardship.

By providing enough context about who you are and why you need your customers’ data, you can put customers at ease and establish yourself as a trustworthy company.


Good data stewardship should be a goal for all organizations, regardless of size, location, or industry. Implementing these practices and taking control of your sensitive data are a solid place to start.

Pin It on Pinterest

Share This