In an age where massive data breaches and compromised passwords are increasingly common, customers want to know their personal data is safe with the companies they trust. A big company like Google or Yahoo might be able to survive its customers’ data being compromised, but small business owners might not be so fortunate.

Think customers don’t care about their privacy? Think again. A Harris Interactive poll shows that almost 90 percent of consumers in the United States have avoided doing business with a company because of privacy concerns. Here are some practical steps you can take to protect your customers, build trust, and prevent (or handle) major data disasters.

Create a Company-Wide Policy

Keeping customer data safe is more than just an IT problem. For maximum security, you need to make every employee in your organization responsible for protecting and securing data. Identify the weak points in your company’s security practices, such as BYOD (bring-your-own-device) policies. Are your employees keeping corporate data on their personal smartphones? Do you have a policy in place for dealing with that? One employee bringing in a malware-infected laptop could create a company-wide problem that even your IT department can’t fix.

Keep Customers Informed

When it comes to their private data, one of the best ways to build customer trust is to keep them in the loop. If you don’t have a privacy policy in place for users of your website or services, you should put one together. Get prior consent from customers about the privacy of their data. Keep abreast of information security news and pass it along to your customers in your regular newsletter. Make sure there is some sort of forum or outlet for you to hear and respond to customer complaints in a timely fashion. Create a plan for informing them of possible data breaches or compromised security. Which leads us to our next point…

Create an Emergency Plan

Strong passwords and a comprehensive data security policy are a great start, but you have to work on the assumption that an issue like a data breach or government subpoena is inevitable. Have proper policies in place for when the worst-case scenario occurs, and keep your employees briefed and up-to-date on what those policies are. This will lower the odds of a costly PR problem should a crisis arise.

Avoid Storing Sensitive Data

Unless there’s a great reason to hold onto it, sensitive data such as credit card numbers and CVV2 numbers is best purged from your system. After all, this information can’t be stolen if you don’t have it in the first place. Purge records on your customers regularly unless you have a strong, compelling need to hold onto that data.

Audit, Update, and Repeat

Once your data security policies are in place, they should be audited and re-evaluated on a regular basis — yearly, if not more often. Encourage employees to trade old strong passwords for new passwords. Track how customer data is being collected, and decide if that information needs to be held onto. Shred sensitive documents and purge unnecessary data from your servers on a regular basis.

No one relishes the thought of a security breach or government inquiry. But being prepared for the worst-case scenario can not only help limit the damage done to your company, but also secure customer trust. That’s a valuable commodity no business owner can afford to ignore.