Do you run a personal blog, maybe on Shopify or WordPress? No matter where your blog is hosted, if you collect email addresses from people, you need to have a data protection plan in place. Not having one could land you in hot water.
Before explaining how to implement data protection, it’s important to understand what data protection is and how it differs from data privacy.
What is data protection?
As a leader in data security, Box explains it perfectly. Data protection, also called data security, “refers to the processes and strategies related to securing data’s availability, integrity, and privacy.” Data privacy, on the other hand, restricts access to data by allowing only authorized users to reach it.
When you collect email addresses on your blog, you probably don’t need to be concerned with data privacy, but you do need to consider data protection.
1. Personal blogs are subject to data breaches
No website is immune to data breaches. Any website with a database can potentially be hacked and that data can be stolen and/or exposed. It can happen to any website, even a personal blog.
Are you an entrepreneur running an email marketing campaign? Do you use WordPress? If so, you’re definitely a target for hackers. Hackers use automated software to search for WordPress installations and plugins with known vulnerabilities that haven’t been updated in a while.
If you store any contact data inside your WordPress database and you get hacked, you could be in big trouble. You could even get fined for not honoring simple requests made by EU residents under GDPR.
How do personal blogs become subject to a data breach?
The most common way your blog might fall victim to a data breach is if you’re using a simple plugin to collect email addresses rather than a third-party email marketing platform.
As a precaution, never store your contacts’ data inside your WordPress database. Instead, use a secure email marketing application like AWeber, Constant Contact, or MailChimp.
2. Mishandling data comes with hefty fines
You never know when a regulatory agency will impose a fine on you for a data breach. It usually depends on what data was compromised and the severity of the consequences. However, you can end up in big trouble in other ways.
For example, in 2019, CafePress was hacked and data belonging to millions of users was exposed. The exposed data included email addresses, passwords, home addresses, social security numbers, and even security questions and answers. Rather than addressing the issue openly, CafePress patched the security flaw but did not tell users about the breach until it was revealed through the press.
A similar issue occurred in 2018 when shops were hacked and CafePress responded by closing the accounts and charging the shop owners $25 to close their account. The company also misused email addresses for marketing purposes contrary to what they promised users when they signed up for an account.
As a result of these issues, the Federal Trade Commission (FTC) fined the former owner of CafePress $500,000. The lesson? You can get in just as much trouble for mishandling data as you can for covering up mishandled data.
Although it might be difficult, if you ever realize your blog has been hacked or compromised in any way, it’s critical to tell your customers if their data has been exposed.
3. You might get sued
Say your blog gets hacked and your user data is exposed or stolen. Even if you manage to escape getting fined by a regulatory agency, there’s still a possibility that individual people might sue you.
If you’re a relatively unknown blogger, the potential for a lawsuit is probably slim. However, if a data breach leads to tangible consequences for one of your users or customers, and they can prove damages, you could be in big trouble.
When someone can prove damages, they could have a case against you regardless of how their data was stolen or exposed. Even if they’re the only person whose data was compromised, if they can prove damages, they have a chance at winning a lawsuit against you.
Take security seriously – bloggers aren’t immune to cybercrime
As a blogger, you have a duty to take cybersecurity seriously when you collect information from your customers or subscribers. You may not be officially running a business, but if you’re collecting information from people, you need to implement the same type of security you would for a business.