Portmint Lighthouse
CoursesAI and the Law: Privacy, Disclosure & Customer Data for Small Business

The Rights Customers Have Over Their Data

Pip Lesson 6 · taught by Pip · free preview

One day a customer might email and say, "Please tell me what information you have on me," or "Please delete my data." The first time it happens it can feel alarming — like you've done something wrong. You haven't. These are normal, increasingly common requests, and they exist because customers have certain rights over their own information. Once you know the playbook, answering them is routine.

The plain idea: *the data you hold is, in an important sense, still theirs.*** A growing number of laws give people specific rights to see it, fix it, and get rid of it — and businesses are expected to honor reasonable requests.

The rights you're most likely to meet

You don't need to memorize every regulation. For a small business, three requests cover almost everything:

  • "Show me my data." A person can ask what information you hold about them. You should be able to find it and tell them, in plain terms.
  • "Fix my data." If what you have is wrong — a misspelled name, an old address — they can ask you to correct it.
  • "Delete my data." They can ask you to erase what you hold, and absent a real reason to keep it (an open order, a legal record-keeping duty), you generally should.

There's a fourth that comes up in marketing: "Stop contacting me." If someone opts out of your emails or texts, honor it promptly and completely. Ignoring an opt-out is one of the easier ways to draw a real penalty.

Why this is easier than it sounds

Here's the quiet secret: if you followed lesson 5, these requests are simple to answer. If you collected less, you have less to dig through. If you didn't keep things forever, there may be nothing to show or delete. If you used data only as promised, there are no embarrassing surprises. Good habits upstream make these requests painless downstream.

The businesses that panic over a deletion request are usually the ones that hoarded data they never needed. The ones who handle it in five minutes are the ones who kept things tidy.

Where AI fits

If your AI assistant stores conversations, those transcripts are part of "your data" too. So when you pick or run an AI tool, ask: Can I find what it holds about one customer? Can I delete it on request? A tool that makes this easy is a tool that keeps you compliant without effort. A black box that hoards everything and lets you delete nothing is a future headache. (You'll judge tools like this directly in lesson 9.)

Your turn

Pretend a customer just emailed: "What do you have on me, and please delete it." Walk through, in your head, exactly where you'd look and how you'd actually delete it. If the answer is "I have no idea," that's not a failure — it's the single most useful thing this course can show you, because now you know what to set up.

🔦 You can now handle a data request calmly. Next, the guardrails that keep your AI from ever doing the dangerous thing in the first place.

Stuck or curious?

Ask Pip about this lesson — tap the porthole bottom-right.