Security Principles for Sensitive Data

Many companies store sensitive personal information such as names, Social Security numbers and credit card numbers. This data can be used to identify customers or employees, and it is often necessary to fulfill orders, meet payroll, or perform other business functions. If sensitive data is lost or stolen, it could lead to identity theft, fraud, and other harms. Protecting personal information is a good business decision, considering the potential loss of customers' trust and the possibility of having to defend against lawsuits.

Five key principles are the foundation of a solid data security plan:

1. Make a list. Take stock of the personal information in your files and on your computer.

2. Scale down. Only keep what you really need for your business.

3. Lock it. Protect the information you keep.

4. It is time to get rid of it. Properly dispose of what you don’t need.

5. Prepare for security incidents. Use the checklists below to see how your company’s security practices measure up and where you need to make changes.

Make a list. Take stock of the personal information in your files and on your computer.

Data security begins with understanding what information you have, and who has access. It is crucial to understand how personal information flows into, through, out of, and back to your business, as well as who could have access to it, in order to assess security vulnerabilities. Only after you have traced the flow of the information can you determine the best security measures.

Scale down. Only keep what you really need for your business.

Don’t keep sensitive personal identifying information if you don’t have a legitimate business use for it. In fact, don’t even collect it. If your business has a legitimate reason to keep it, keep it only for as long as you need it.

Lock it. Protect the information you keep.

How can you protect the sensitive personal identifying information that you keep? It all depends on what information you have and where it is stored. The best data security plans address four main elements: electronic security, physical security, employee training, and the security practices of contractors and service providers.

It is time to get rid of it. Properly dispose of what you don’t need.

An identity thief could find a treasure trove in what appears to be a bag of trash. Leaving credit card receipts, papers, or CDs containing personally identifiable information in a dumpster facilitates fraud and exposes customers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.

Plan ahead. Plan for responding to security incidents.

Taking steps to secure your data can help prevent security breaches. Nevertheless, breaches can happen.