Thursday, April 7, 2011

Protecting Your Customers' Sensitive Information

Businesses subject to the Financial Modernization Act of 1999 (also known as the Gramm-Leach-Bliley Act) are required to comply with provisions that protect personal and financial information to maintain the trust and confidence of their customers.

Companies should develop a written information security plan that describes, among other things, the specific ways their employees should protect consumer information.

Sloppy handling of personal and identifying information can be devastating to a small business. A breach of security of this information can lead to identity theft for customers, and can open the company up to liability. The loss of reputation alone can destroy an otherwise successful company. So how can your company take steps to protect your customers’ information? Here are five steps that you might consider implementing:

1. Create a paper trail that documents your operations. Once you know where the trail starts and ends, you can analyze each step and develop a plan ensuring security of information. Limit access to sensitive data when possible and dispose of sensitive documents by shredding.

2. Electronic data should be protected with passwords and encryption.

3. If you use third-party services in the process of taking care of your customers, make sure they adhere to strict privacy standards. Ask for a copy of their privacy guidelines.

4. Regularly communicate with employees regarding your company’s privacy activities. Reference compliance within your employee handbook.

5. Have a plan to guide you if there is a breach of security. Know who to contact, what data to protect and how long it should take to plug the gap. You should also have a plan for notifying affected customers in the event of a breach.