Database Security 101: How to Protect Client Information

The FTC Rule Change has prompted a reevaluation of non-compete clauses which likely hold no validity and are ineffective in safeguarding salon client databases. Salon owners often use these agreements under the misconception that they protect client information and prevent competition. Learn the right way to protect your salon's client data.

In the wake of the FTC Rule Change, I’d like to tell the salon owners in the room to sit the hell down and take a breath. Your non-competes were likely never valid to begin with, and even so, non-competes were never the best choice for protecting our salon’s client databases.

Why Salon Owners Use Non-Compete Agreements

A salon’s most valuable asset is its client database. We spend years building it, investing both time and money into its growth. As salon owners, adding to this book is a huge part of our job. It’s one of our core responsibilities. The salon’s success (and everybody’s paychecks) depends on it.

As salon owners, we have a duty to our clients to protect their contact information.

In the past, many salon owners required employees to sign non-compete agreements, assuming that the agreements would not only protect their client information but would also prevent their employees from working for or becoming their competition. 

The vast majority of the contracts I’ve reviewed over the course of my consulting career were not professionally written and would never hold up in court. Most were signed by independent contractors who were not actual employees, so the contract served as nothing more than proof that the salon owner was misclassifying their workers and trying to exert control with the threat of legal action. In the overwhelming majority of cases I’ve been involved in, the salon owner who wrote their own non-compete obviously did not understand that the agreement needed to be specific and reasonable to stand a chance at being enforceable. 

A contract prohibiting a salon professional from working “at any beauty-related business anywhere in the state for a period of 10 years” isn’t reasonable.

In addition to being a poor strategy for securing client data, non-competes foster resentment. Professionals don’t trust employers whose first move is to prohibit them from working anywhere else. A good deal of professionals sign them anyway, knowing they aren’t likely to stand up in court. It’s past time for all of us to stop playing this game.

Taking Data Protection Seriously

In an era where personal information is valuable and people are scared to share their email or phone number with every business that asks for it, each name on your client list is a small victory of confidence and good faith. In general, people with any level of tech-savvy are worried that anything they sign up for will lead to spam texts and scam calls. When clients are willing to share their info with you, you must treat it as a sacred trust. To keep that trust, you need to make sure that you are following proper security protocols when it comes to protecting your client list.

Any information a client provides to the business belongs to the business, and as the business owner, it is your job to keep that information secure.

Data theft prohibitions provide a clear and enforceable solution. They align with existing confidentiality and intellectual property laws, making them much easier to defend.

You’ll need to find an attorney, preferably one who specializes in employment law. They will ensure your agreements are legally sound, enforceable, and tailored to comply with your state laws. Once you’ve found someone qualified, explain that you require both a data theft protection agreement and a non-solicitation agreement.

Prohibiting Data Theft

A data theft protection agreement (also known as a data security agreement, data protection agreement, or data security agreement) will prohibit employees from stealing confidential client information. Before meeting with your attorney, get your needs and preferences on paper. This will help them understand the purpose of the agreement and hopefully reduce the amount of consulting required before they begin composing the draft.

Define what constitutes data theft. Your agreement should explicitly prohibit the following actions regarding the salon’s client database:

  • Downloading
  • Copying
  • Photographing
  • Transferring
  • Printing
  • Accessing for Personal Use
  • Sharing 
  • Altering with Malicious Intent

Provide notice of intent to prosecute violators. Make the consequences clear up-front. Any violation of the policy will result in disciplinary action, including termination of employment and prosecution for data theft. 

Require a signature. The agreement requires its own separate acknowledgment (“By signing, employees agree to comply…” yada yada, you know how it goes) and its own date and signature fields. Don’t merely stuff it into your employee handbook. Make sure to get that separate acknowledgment of receipt. 

Prohibiting Solicitation

With the data theft prohibition, you’ve made it clear that you consider information theft a crime and that you’ll exercise your legal rights to the fullest—now go a tiny bit further. Ask your trusted attorney to also write a non-solicitation agreement.


We’re running professional businesses. Again: clients have entrusted you with their contact information. Nothing looks more unprofessional than a disgruntled former employee emailing everyone on your list, or—god forbid—making phone call after phone call to “inform” clients that they no longer work for you. And nothing feels worse than an employee secretly convincing half of your employees that they’d be “better off” working at the new salon they’re opening right down the street. 

A non-solicitation agreement prohibits any employee from attempting to lure the salon’s clients and employees from your business.

Define what constitutes solicitation. Just as with the data theft prohibition, this agreement should first define solicitation. Generally, solicitation refers to “any attempt to encourage, entice, or request clients or employees to leave the salon or do business with a competitor.” (Make the attorney who writes this for you work for their money by ensuring that the terms are in alignment with any guidelines in your jurisdiction.) 

Prohibitive conduct should include:

  • Using any confidential information, including client contact information, to solicit business, and
  • Encouraging or inducing any employee to join a competing business.

Acknowledge the employee’s obligation to keep proprietary information confidential. By signing, the employee is affirming that they are obligated to keep client lists and all contact details confidential and to never use such information for the purpose of solicitation.

Outline the consequences. Have your attorney guide you here. Legal remedies vary based on state laws and judicial interpretations.

Protecting Your Assets

These two agreements secure your legitimate business assets without unnecessarily restricting a worker’s ability to participate in the workforce. So long as the professional has agreed not to steal client data or solicit clients, you shouldn’t care if they take a job at the salon across the street.

Ethical salon owners do not hold industry professionals or clients hostage.

If you want to know how to handle the clients without looking sloppy or petty after a popular, established professional leaves, read my article: Who Do the Clients Belong To?

How to Secure Your Salon’s Client Database

Your client database is your salon’s most critical asset—protect it like it’s your social security number.

Control access. The management software you’re using should come with some kind of usergroup permissions controls. Generally, these systems allow you to categorize users by access level, ensuring that employees have access only to the information they absolutely need to have access to. 

  • Salon professionals only require access to their schedule, which should show the client’s name and the service they’re booked for. If the software allows you to control report access, you may allow them to access their personal performance reports (but not those of any other employee). Professionals should never have access to client contact information or the ability to access/download the client database.
  • Receptionists only require access to the schedule and client phone numbers. They should not have access to client email or home addresses, nor should they have the ability to access/download the client database.
  • Salon managers require access to the majority of the software’s features, particularly employee scheduling and reports. They may require access to the salon’s client database, but they should never have access to features that allow them to download databases or manipulate administrative settings.
  • Only salon owners require full admin access. As the salon owner, you should be the only user capable of accessing everything. Nobody else should have your password. Every time you leave a device, you must ensure to log out, requiring the next user to log in.

Getting Serious About Tech

If you’re like many of the clients I consult for who are only now moving from cash boxes and huge desk calendars to digital card readers and sleek tablets, you might be feeling overwhelmed by the software options available and how to configure them. 

Don’t feel bad—you aren’t the only salon owner who can barely operate their own email, let alone a sophisticated salon management software program. 

As a career salon manager and a salon owner myself, I’m extremely informed about and experienced with the majority of the industry’s leading systems. Book a consulting appointment today and I’ll be happy to help you find the solution that’s best for your individual business. I am not affiliated with any of the salon software companies (despite how hard all of them have tried over the last fifteen years), so all of my opinions and endorsements are fully based on my personal experience.


Stop pulling your prices off your competitor’s brochures—or worse—out of thin air. Get the beauty industry’s most comprehensive and accurate pricing and compensation calculation tool and get profitable today!


A wealth of information and tools for self-employed professionals! If you rent a booth or suite, operate a home facility, or freelance, you can’t afford to go without The Microsalon Owner’s Complete Business Toolkit.


Do you rent space to beauty professionals? The Salon Landlord’s Toolkit contains a comprehensive guide to rental salon ownership, a rent calculator, and a lease component checklist!


Everything a salon owner needs to know about how to attract, recruit, train, and retain top talent—including how to design job descriptions, compelling employment ads, and fair employment agreements.


A 55-page PDF with everything you need to understand why certain policies may be required, who should and shouldn’t implement them, and when and how to introduce them in your salon.


The Salon Employee Suitcase makes income tracking simple, no matter how complicated your employer’s compensation structure is. Learn your rights and ensure every paycheck adds up.


Planning to start a beauty school or host classes? Account for your overhead costs and will automatically calculate your prices! Test different price points to evaluate your profits per term and per year.





Leave a Reply

Your email address will not be published. Required fields are marked *