How safe is the confidential customer information your company keeps? The Privacy Rights Clearinghouse says that, since February 2005, the personal information of 88 million people has been compromised by data security breaches at companies or government agencies.
Although some significant data security breaches involve computer hacking by outsiders, a surprising number of breaches are the result of insider conduct—either intentional information theft or, more commonly, employees’ casual handling of confidential information about customers and other employees.
The effect of a data security breach on a business can be significant. Legal claims against companies from which identifying information has been stolen are increasing. Most cases claim that a company failed to take reasonable steps to safeguard personal information, or that it falsely represented that personal information would be protected.
Some Minnesota businesses have a legal duty to report data security breaches to individual victims. Individuals or organizations that own or license personal information must disclose security breaches of computerized data to all Minnesota residents whose personal information has been, or is reasonably believed to have been, disclosed to an unauthorized person. Similar laws are on the books in 22 other states.
Although high-tech solutions, such as encryption and network security, are a necessary part of any data security system, many of the steps businesses can take to protect confidential information are remarkably low-tech.
Adopt a data security policy
You should have a policy regarding information-handling practices. It should include safeguards for handling paper and electronic documents that contain confidential information. Some secure practices include: keeping documents in locked cabinets or secure databases or files, limiting access to the documents and shredding documents when they are no longer necessary.
The policy also should include serious consequences for employees who fail to safeguard the company’s confidential information. The main targets of identity thieves are Social Security numbers, birth dates, driver’s license numbers, financial account numbers and personal identification numbers.
Train all employees on your data security policy and their job-specific obligations under the policy. Executives and supervisors should make it clear that maintaining data security is an essential company objective and that all employees are expected to follow the policy.
Do what you say you will do
The only thing worse than not having a policy is not following the one you have.
If your company tells customers and employees that their personal information is secure, make sure those representations are accurate. Conduct regular audits and spot checks to ensure that employees are complying with the data security policy. Strict penalties should follow any breaches.
To encourage security compliance, reward employees and departments for “best practices.” In addition, ensure that you have adequate electronic safeguards in place. Some companies even hire “hackers” to check network and web site security.
Conduct background checks
Check the backgrounds of all employees who will have access to confidential personal information. Background checks may help stop an identity thief before he or she is hired.
Safeguard portable devices
Laptops, mobile telephones, BlackBerrys and other portable electronic equipment are attractive to thieves. Either restrict employees from accessing or storing confidential information on these devices, or make sure that technical safeguards are in place to prevent a third party from accessing confidential information if a device is stolen.
Limit the data you have
Companies should collect only the personal information they need, and should only keep it as long as necessary. Implement and follow document destruction policies. Destroy personal information in a way that preserves confidentiality through shredding or the electronic equivalent.
Responding to security breaches
Despite your best efforts, data security breaches can occur. To deal with that possibility, develop a crisis plan. The plan should include steps for sealing the breach and preserving evidence that may be useful in a criminal investigation. If a breach occurs, immediately call legal counsel. He or she can help determine whether you must or should go public with the news.