How To Keep Your Customers’ Data Safe: A Business Owner’s Guide
These days there are many reasons to be careful with your customers’ data, as there are so many examples of data being misused in identity fraud cases. Data is a valuable commodity, not just to criminals but also to marketing agencies, and you need to make sure that you are not using your customers’ data yourself or passing it on to third parties without their permission.
Know The Law
It should be stressed, though, that knowing your legal responsibilities is not where you should stop. The law varies from place to place, so check what you are required to do. In the EU, for example, complying with GDPR means that organizations cannot keep data against the customer’s wishes at all and must safeguard it. In the USA it varies from state to state, but broadly similar legislation is coming in, such as the California Consumer Privacy Act (CCPA).
Have An Employee Code Of Conduct
The first thing to do is make sure that everyone who works for you knows what their duties and responsibilities are. All employees should be taken through at least a basic data privacy training regime, and a Code of Conduct should be put in writing and distributed to all new and existing employees. This should include not letting others use your login or terminal, only using official company systems, and not saving sensitive data on USB flash drives or transmitting it via insecure messenger systems or personal email addresses. Remember all the bother Hillary Clinton got into by using a personal email address for work. Don’t be a Hillary!
Be Sure Data Is Properly Deleted
Be sure data is properly deleted. Even if a file is deleted, it’s not necessarily completely gone, and recovery software can quite easily restore and recover this data; even Microsoft Office can do this to an extent. So it’s important to ensure any deletions are permanent. This can be done by using a data destruction specialist, who will ensure that further down the line no one can find one of your old machines or hard drives and mine the data from them, as you would be liable for this breach as well as the criminal.
Consider Offline Data As Well
Offline data may be held on offline machines for security reasons, or just on storage devices. Make sure you have a system for tracking this: any offline copy of a customer’s data should be known about and logged so that it can be accessed, or even deleted, if requested. This includes physical copies of documents as well. Physical document safety has two main issues: are the documents safe from being seen by the wrong people, and are they safe from damage such as fire, flooding, etc.? So make sure the location is safe and accessible only by those who need it.
Make Things Clear For The Customer
Finally, it is good practice to make absolutely clear to the customer what their data is to be used for, by whom and in what way it will be stored.