If you operate a financial services company that falls under the jurisdiction of the Federal Trade Commission (FTC), you may be subject to the FTC Safeguards Rule (the rule). Compliance with the rule requires you to have an information security plan that stipulates how the business protects the sensitive customer information it handles.
For many companies, writing a compliant information security program is relatively easy. The challenge lies in implementing the policies and avoiding the consequences of non-compliance.
There are many ways to handle data security compliance. The following seven simple tips help make the task of implementing an information security program manageable:
1. Do not be a data hog. Business clutter not only occupies an unnecessary amount of space; it also complicates the task of monitoring and protecting information. Eliminating clutter will help you plan how to protect sensitive information.
2. Collect only what you need. Be specific in your requests for customers' personal information. In short, if the company has no use for the information, do not collect it.
3. Dispose of sensitive information properly. The FTC Disposal Rule requires companies to adopt disposal methods that prevent unauthorized access to and use of information in credit reports. Simply dumping paperwork containing sensitive personal information is not an option. Shred, burn or crush the papers to keep them from prying eyes. If you plan to give away old computers, notebooks and other data storage devices, use appropriate wipe utility programs to clear them out and prevent later retrieval.
4. Involve employees. This falls under the heading of creating a culture of security in your business. Creating the company's information policy is the responsibility of management. Making security part of daily business requires the full participation of employees.
5. Limit access. This means investing in state-of-the-art security software and applications that make sensitive data "hacker proof". It also means restricting access to only those employees who need the data to perform specific business obligations. If your company stores sensitive information in drawers and filing cabinets, secure them with locks.
6. Know your contractor. These days, outsourcing is inevitable in the course of doing business. However, not every external source may have a clue about information security programs. Before you outsource your web hosting, IT services, payroll, call center operations and other business needs, confirm the security practices of the vendors, including the contractors hired to shred your business's paperwork.
7. Have an emergency response plan. Given the complexity of today's business environment, a business cannot always prevent information security breaches. In the event of a breach, damage control becomes critical. You might have to notify customers, law enforcement agencies, credit bureaus and other businesses affected by the breach. Having an action plan in place will facilitate the management of a security breach.
Protecting customers' personal information is a legal requirement. Securing that information also makes good business sense. Implementing simple low-tech tips such as those proposed in this article will help you comply with the law. It will also help build trust between you and your customers.