Organizations should protect the confidentiality of the personal information of their customers, employees and others from unauthorized access, whether it is stored electronically or on paper. Breaches not only lead to identity theft, but can also be costly to the companies that experience them and damage their reputation.
Here are just some “best practice” safeguards that your company should be following:
1. Collect the minimum amount of personal information (Social Security, driver's license or ID card numbers; financial account numbers and PINs; medical or health insurance information, etc.) necessary, and retain it for the minimum time necessary.
2. Make an inventory of the types of personal information in your company’s possession and all places it is stored.
3. Restrict and monitor employee access to personal information, and allow access to only the personal information necessary for an employee’s job responsibilities.
4. Use technological safeguards, including encryption where possible, to restrict access to personal information, paying particular attention to any personal data on laptops and other portable devices.
5. Promote awareness of security and privacy procedures and policies through ongoing employee training and communications.
6. Review your security plan at least annually or whenever there’s a change in business practices that may affect the security of personal information.
7. Upon departure of an employee, make sure all access is immediately eliminated.
These are just some of the steps your company should be following to prevent a breach. If you’re worried that your company is at risk of a privacy breach or has experienced one, contact us today to find out what you should do.