By the time customers have decided on their items to purchase from their preferred online store, the excitement can easily overshadow any data concerns. Without thinking twice, customers share their personal information to receive their purchased item. But what happens after the last-mile delivery? Who decides when to discard personal data like home addresses, e-mail addresses and cellphone numbers?

How long can I keep customers’ personal information?

Holding on to customers’ personal data can compromise a company’s reputation if there is a potential data breach in the future. Therefore an e-commerce company must get rid of sensitive personal information as soon as possible. Locate2u CEO Steve Orenstein works with many businesses from a a wide range of sectors. He believes companies are already at risk if the store it for longer than a month. “After four weeks all that data should be anonymized. If you don’t hold on to the e-mail address, or phone number, then a data breach can’t occur.”

He believes customers are oblivious to the safety risks involved. “I think it’s one of these things that most people don’t realize. The amount of data your logistics account actually hold.”

There is no doubt that safety regulations have to change in the delivery space.

Should I worry about my personal information during a data breach?

In the last 3 years a popular US delivery company DoorDash had fallen prey to hackers who obtained access to customer’s information. As recently as last year attackers accessed their database with names, email addresses, delivery addresses and phone numbers.

More recent, courier company UPS received a 228 000 AUD fine for leaving parcels with customers’ neighbors. It breached data protection regulations. In one specific case the Spanish Data Protection Agency (AEPD) found that a driver left a parcel at a commercial property next to the arranged address. The recipient was not home at the time and received a notification via text message. On the parcel was a note which contained the recipient’s full name, telephone number and address. The AEPD considered that exposing this personal information, breached data protection laws.

How to respond to a data breach

Step up security immediately: Contact any third party vendors and employees to explain what went wrong. What tactics were used? Alert them to report any suspicious activity for a period of time. 

Consult cyber security experts: Call in experts who work with these levels of data breaches immediately. Take steps to soften the blow and ensure that the hackers don’t access more sensitive information.

Be transparent and inform customers and authorities: Keep customers informed about what could have happened and be as transparent as possible. Inform authorities to launch an investigation.

Cooperate with investigators: In case there are other companies who have fallen prey, it could help authorities to track down the criminals easier.

Learn from mistakes to prevent a repeat: Don’t stop increasing security when the threat is over. Continue to implement long term solutions to prevent vulnerability in the security systems. 

Drivers’ responsibility with personal data

Drivers should never leave a parcel unattended, or with a third party without the necessary approval. Retailers and e-commerce businesses should ensure their drivers have consent beforehand.

Orenstein explains how to get around the problem quite easily. “A one-time-pin gets sent to the recipient. That pin number needs to be given to the delivery driver to allow the release mechanism to be completed on the delivery drivers’ mobile device. That’s a really good way to make sure that products are actually being received by the person who’s receiving that product.”

How can I ensure customers personal data is safe

Delivery platform Zoom2u implemented a system that ensures the minute the parcel is delivered to a customer, a text message is send to the recipient. It will ask for feedback on the service just rendered by the driver. With live feedback it’s easy to detect a problem and customer care can resolve it as speedily as possible.

About the author

Mia is a multi-award-winning journalist. She has more than 14 years of experience in mainstream media. She's covered many historic moments that happened in Africa and internationally. She has a strong focus on human interest stories, to bring her readers and viewers closer to the topics at hand. Do you have a story you would like her to expose, report on, or consider? Please send your request to Newsdesk@locate2u.com.