Focus on what counts

The Digital Challenge for Restaurants to Protect Customer Data

Digital Privacy and Security

NIBBLES - Restaurant & Hospitality Newsletter
October 5, 2018
view all archive

PRIVACY: The Digital Challenge for Restaurants to Protect Customer Data


Customer privacy involves the handling and protection of non-public personal information that individuals or third-parties provide to your restaurant during various transactions or interactions. In addition to point of sale transactions, this might include taking reservations, issuing gift cards, or sending out customer communications.

As the Internet has evolved into a medium for e-commerce and marketing, consumer data privacy has become a growing concern.  Some restaurants might have a handle on their transactional customer data, but what about the marketing side of the business?   

Privacy Legislation with respect to customer and consumer data, especially for marketing, has moved to the forefront of high risk areas, and it could have a financial impact on restaurants. The consumer privacy rights legislation impacting marketing today is not just for a specific state or industry.  Following in the path of security legislation, the federal government, and individual states, are moving forward on privacy legislation.  Privacy laws will soon require restaurants to obtain consent from individuals to collect and use their data, and then disclose how the restaurant will use that data. This will have an inordinate effect on restaurants.  At this time, any number of the following privacy areas could affect your restaurant:

How can your restaurant prepare for the onslaught of state and federal privacy regulations?

The first step is to rethink your marketing data collection strategy.  Using third-party data, be it well-intended, brings up questions around the source of the data.  If the data was collected in a non-compliant way, or consumers did not give their consent to use the information, it will be illegal for your restaurant to have access to the data or use it for marketing. Instead of renting data, consider taking ownership in building your own marketing database. By collecting the data, restaurants can guarantee they are collecting it from consenting individuals. First-party data is erupting as a way to comply with the privacy regulations, and is a significant competitive advantage.

Most restaurants do not know what consumer data they have and how it is being used. For a restaurant, it is critical to understand how your business transmits, stores, shares, analyzes, protects, and even disposes of consumer data. To prepare for the requests that may come due to the new privacy laws, restaurants need to start now taking inventory of their consumer, and customer data, used for marketing on their information systems and personal devices – and yes, documenting how it is transmitted, where it is stored, with whom they share the data, what analysis is run on the data, how the data is protected, and how the restaurant is disposing the data.

Restaurant owners need to take a tactical approach. For example, data can be stored in physical and electronic data silos, such as workstations, mobile devices, thumb drives, back up tapes, and even on CDs – in such places as data centers, closets, drawers, staff member’s home, and other off site locations. This will, no doubt be a monumental task.

As you develop this inventory, consider disposing of consumer data that is not necessary for business, or that you cannot show consent. This is also a good time to reduce the number of locations where the data is stored, and the processes that analyze and transmit the data. The more you ‘rope in’ the consumer data, the more you reduce the in scope environment for complying with the privacy and security regulations, which in turn reduces the risk of a breach, and the costs associated with compliance.

Privacy laws require businesses to have the right processes in place to manage their consumer data. Your restaurant needs to be able to share that with your consumers so that the consumer can have confidence that you're actually managing their data securely.  Privacy laws aside, having good data collection practices means better targeting for your restaurant, which leads to effective marketing.

For more information about consumer privacy, visit