• Home
    Home We Serve America's Restaurants Representing nearly 500,000 restaurant businesses, we advocate for restaurant and foodservice industry interests and provide tools and systems that help members of all sizes achieve success.
  • Foundation
    Foundation Building & Retaining Talent The NRAEF is focused on developing a stronger workforce and building the next generation of industry leaders through education, scholarships and community engagement.
  • Show
    Show May 18-21, 2019 As the international foodservice marketplace, the National Restaurant Association Show provides unparalleled opportunities for buyers and sellers to come together, conduct business and learn from each other.
  • ServSafe
    ServSafe Minimize Risk. Maximize Protection. For over 40 years, ServSafe® training programs have delivered the knowledge, leadership and protection that have earned the trust and confidence of business leaders everywhere.

National Restaurant Association - Big data, big responsibilities: Protect guests’ privacy

Skip to navigation Skip to content

Manage My Restaurant

Big data, big responsibilities: Protect guests’ privacy

Big data comes with big responsibilities. If you collect data about your customers, you have a responsibility to protect that data so it can’t be used later for identity theft or other fraud. You should collect, use and store guest data in compliance with applicable laws, regulations and best practices.

Setting standards for protecting customer privacy includes, but isn’t limited to, letting your guests how their data is being used. You need to let guests choose whether they want their data to be tracked, and let them know the data you collect is stored and adequately protected. Here are four steps to help you set privacy standards: 

  • Develop a privacy policy and privacy notice. A privacy policy is your restaurant’s internal governance document, designed to guide the people who handle and manage data collection and analytics in your business. Your policy should outline the steps your company will take to respond to customer opt-out requests in a timely fashion. And it should spell out how you will inform guests about data breaches.

    A privacy notice is a public statement that discloses the information your company gathers, how you collect it and use it, who has access, whether you disclose it to third parties, and if so, for what purpose. You should post it on your website, at a minimum. Describe how customers can opt out of having their information tracked and collected. The opt-out process should be easy, allowing guests to call a toll-free number or send an email.
  • Comply with the standards you’ve set. Regularly audit and refine your privacy policy and notice.
  • Investigate third parties. If you use third parties to collect or analyze guest data, ask them about their data-protection measures and whether they adhere to applicable laws, regulations and best practices.
  • Understand the law. As data breaches grow more common, more states are regulating in that area. Make sure you know the laws and regulations about breaches that cover your customers. Respect for customers’ privacy isn’t just good for your business and your reputation. Often, it’s the law. Consulting with legal counsel about your obligations will protect both your business and your customers.

For more information about formulating a big data strategy, download our free guide, Big Data and Restaurants. To learn more about implementing an enterprise-wide cybersecurity program, read our free Cybersecurity 101: A Toolkit for Restaurant Operators.

▲ Back to Top

Meet Business Needs


Find Health Care Solutions

Health Care HQ 2017


We're glad you're here!®

® 2012-2017 National Restaurant Association. All rights reserved.

2055 L St. NW, Suite 700, Washington, DC 20036
(202) 331-5900 | (800) 424-5156