By some estimates, consumers are more concerned about identity theft than the theft of their cars, wallets, purses, or cell phones. And with good reason: If your identity is stolen and the perpetrators open credit accounts in your name, it can take years to straighten out the mess, during which your credit rating could be trashed. Until very recently, police departments, credit bureaus, banks, lenders, and other interested parties were not equipped to deal with identity-theft-related crimes, and often put the onus on the victim to do most of the legwork in reaching a resolution.
That situation is improving, but the prospect of identity theft is still quite scary for most people.
Data Breaches and Reputation
It seems that every week there are reports of high-profile data breaches affecting businesses large and small, not to mention governments, nonprofits, and healthcare entities of all kinds. People do notice these breaches, and a recent survey of American consumers indicated that many will not continue to do business with an organization that has suffered a major data breach, for fear of being victims of identity theft. Some businesses are better able to deal with the fallout than others; the Target and Home Depot retail chains are still going strong, and Sony Pictures is still making movies. However, smaller businesses are less able to survive an outflux of customers—in fact, 60% of small- and medium-sized businesses that are hit with a successful cyberattack fail within six months. Reputation is both important and fragile, and having a reputation for being lax with customers’ personal data can damage or destroy a business.
Healthcare providers, such as doctors, dentists, clinics, and other segments of the medical industry, are particularly vulnerable, because patient medical records command high premiums on the black market, even more than the credit cards, driver license numbers, and Social Security numbers normally associated with identity theft.
Protecting Your Reputation
If your business has not suffered a data breach, you either have your act together regarding data security, or you’ve been extremely lucky. Either way, now is not the time to rest on your laurels. It takes only one breach to put a serious dent in your ability to continue as a going concern.
Here are some things you can do now—before a breach happens—to protect your reputation and reassure your customers that their data is safe in your hands:
- HIPAA compliance: In the U.S., medical records are protected under the HIPAA data-security regulations. Patients want to know that your office is in compliance with these regulations, even if they don’t want to go too deeply into the details.
- Other data-security compliance: Depending on the industry you’re in, there may be other government or industry data security standards that you must comply with, such as the Payment Card Industry Data Security Standard if you accept credit cards as payment.
- Security audit: Policies go only so far; customers also want to know what practices and technologies you have in place to protect them from identity theft. You should be able to provide evidence, preferably from a third-party security consultant, that your security posture is up to date and up to the task.
Of course, this all means you actually need to do what you’ve said you do, so all of the usual data security measures still apply. The good news is that by being able to demonstrate that your data security practices are sound, you may have an advantage over competitors who can’t.
It’s not inconceivable that sometime in the near future, your reputation, and your ability to do business, will depend as much on your reputation for data security as on your educational credentials, licensing, years in business, and Yelp reviews. Now is the time to get ahead of that curve and establish those bona fides. Identity theft is not going away—your customers depend on you to protect their sensitive financial and medical information. Don’t let them down.