Regardless of the size of your business, you are going to be handling the kind of customer information that could prove harmful in the wrong hands. Social Security and credit card numbers are prime targets for thieves if the proper safeguards aren’t put in place to keep them out. If there is a data breach and thieves do get their hands on sensitive information, it can be crippling for your business’s reputation and could result in a lawsuit.
The Federal Trade Commission recommends that you determine from the beginning what kind of information you are going to hold so that you always know what you have and how to properly protect and dispose of it when necessary.
Assessing Your Information
The first step that any business should take toward data protection is to conduct an audit of all the customer personal data to which it has access. The audit gives you an idea of how information flows through your company, which eventually allows you to find any vulnerabilities.
Common places to check for this kind of information include inventory or home computers, storage disks, flash drives, file cabinets, cell phones, fax machines and websites. Follow this up by speaking with business personnel who regularly access this data so that you can get a clear idea of who has access to what.
How Much is Too Much?
Once you know the kind of information your business handles and the methods by which it flows through the business, it’s time to do an assessment of which pieces of data are necessary for your operations. If you don’t need something or only need it temporarily, it’s best to get rid of it as soon as possible, as it presents an avoidable risk.
To minimize the amount of data your company handles, use Social Security numbers only for legal purposes, shorten credit card receipts to the final five digits, and make sure the system you use to process credit card information isn’t also saving it.
Because there are so many different types of businesses, there isn’t a single cure-all approach to keeping customer information secure. There are several different factors to take into account here, including the kind of data that’s being stored, how it’s being stored and the people with access to it. A comprehensive data security plan deals with physical and electronic security, personnel training and familiarization with the practices of any business partners or service providers.
Trimming the Fat
Despite the fact that identity thieves have found new methods of practicing their craft, there is still plenty of physical documentation that goes into the garbage and poses security risks. Many businesses throw away everything from credit card receipts to old discs and computers without properly destroying them. Create an intuitive disposal program for your employees to use that involves shredders for smaller items and wiping programs for computers.
If the Worst Should Happen
Much like natural disasters, you hope that your business will never experience a breach of data security. However, it is still highly advisable to have a plan in place should one occur. Regardless of how much you invest in security, there are always going to be ways in which it can fail, which is why it is important to have a strategy. Some of the common ways of doing this include:
The bottom line with all of this is to not wait. The more proactive you are, the less likely a data breach is to adversely affect your business.