Most organizations want to do the right thing and are interested in proper controls. Some may just feel overwhelmed by the day-to-day demands of business. A survey performed by CIO magazine found that 14% of respondents said their company had not taken any steps to protect customer information. If you are one of that 14%, take a look at these five basic steps to help get your data protection strategies off on a proactive footing:
- Review state and local laws: First examine any state or federal data protection laws that your organization may be subject to and make sure you are compliant. Some states, such as California, have strict privacy laws dictating businesses' responsibilities while in possession of customer information. More than 450 privacy-related bills have been introduced in state legislatures in just the last several years.
- Create a privacy policy: SMBs should develop policies that dictate how to protect customer information. These policies should detail what information is protected and be written in simple language that can be easily understood by customers.
- Implement technology to protect the information: Make a solid data protection effort. Policies mean nothing unless organizations actually follow up and implement security controls. A commitment to data privacy means the organization has expended the funds necessary to adequately secure the data.
- Educate and train employees on the privacy policy: Training is the lifeblood of any policy change. Don't expect employees to understand change unless they are informed and made aware of its importance.
- Publicly post the privacy policy: The policy should be accessible by the organization's customers. Customers are the lifeblood of any business. They should know what steps the business is taking to protect their personal information, including name, address, credit card number, etc.
Customer data is a valuable corporate asset and as such deserves a sufficient level of protection. Customers expect steps to be taken to protect their personal information. In doing so, you are not only meeting expectations but also placing yourself ahead of the competition. If this is something that your organization has put off, now is the time.
Michael Gregg has been involved in IT and network security for more than 15 years. His current responsibilities include performing security assessments and evaluations for corporate and government entities. He has served as the developer of high-level security classes, contributed to several books and study guides, and has taught classes for many Fortune 500 companies. To comment on this story, email editor@searchcio-midmarket.com.
This was first published in December 2004