The Steps to Take to Protect your Customers’ PII (Personally Identifiable Information)
If you have a company, chances are you keep a log of your customers’ personally identifiable information (PII), such as names, addresses, phone numbers, and credit card numbers, readily available for performing business functions. If so, what steps do you take to protect all this sensitive data? It is important to keep this information private and secure; otherwise it could end up in the hands of people who wish to do harm, whether financial, cyber, or of another form. Leaving this information unprotected and susceptible to thieves and/or hackers could mean the loss of loyal customers and their trust, and possibly even a lawsuit. Keeping sensitive information protected and out of the hands of would-be thieves not only protects you and your customers, but is good business practice as well. Let’s take a look at some steps you can take to protect this information:
- Inventory – The first step to protecting this information is to know what information you have and where it is located. In our current digital age, the majority of this information is probably on your computer. To that end, inventory any and all electronics which store data. The next step in this process is to identify who sends information, how your company receives and processes it, the kind of information you collect, where it is kept, and, finally, who has access to it. You should focus most of your attention on personally identifiable information, as thieves will mostly use this to commit fraud and/or identity theft.
- Minimize – The next step in protecting information is to consider whether your business needs to keep it in the first place. If not, make adjustments to the electronics which receive information and dispose of the information securely and properly. If, however, you find the need to keep this information, keep it only for as long as necessary.
- Keeping it Secure – Once you determine the information you need to keep, be sure you have a proper procedure for doing so safely and securely. This can be done in one of the following four ways: physical security, electronic security, employee training, and the security protocols used by contractors and service providers. Whichever you choose, be sure to store the information properly and securely, and keep up to date with any modifications or updates to the best practices for storing information.
- Proper Disposal – When you’ve decided to get rid of data, what do you do? How do you get rid of it? You can dispose of physical paper records by shredding, burning, or pulverizing. If you’re looking to dispose of electronics which contain sensitive client information, use software to clean out the hard drives and disks where this information is stored. Be sure all employees follow the same procedures.
- Plan for the Future – Security breaches are a threat to any company and its clients. Implement an effective security plan to combat any security attack or breach. In the case of a compromised computer, the first step should be to disconnect it from the network. If a security incident does occur, investigate it immediately to determine and close off threats and vulnerabilities. Lastly, know whom to notify both inside and outside the company in the case of a security breach. This may include customers, law enforcement, and/or credit bureaus. Consult your attorney as well, as a number of states have laws and regulations in place to properly address data breaches.