5/07/2005

Guidelines for Protecting Consumer Privacy Issued

"TRUSTe, a non-profit online privacy group, issued its first set of data security guidelines Monday to assist companies — small and large — evaluate new or existing policies for protecting consumer and employee personally identifiable information. These guidelines are available as a resource for companies that hold TRUSTe's Web and other members of the public...

TRUSTe suggests ten "high-level" requirements every company should consider to protect their customers' personal or sensitive data:

-A company-wide data security policy and employee training program
-Internal control over the collection, use and sharing of confidential or private data
-Access procedures that are based on an individual's "need to know"
-Internal control over the management of third-party vendor or outsourced relations
-Administrative control and physical security
-Perimeter controls, such as firewalls and VPN
-Encrypt sensitive data when transmitting across public networks, especially when using wireless or Bluetooth technologies
-Updates for anti-virus software and security patches
-Identity management and authentication procedures (when feasible)
-Regular tests and monitoring

Read more in the article from smallbusinesscomputing.com via this Small Business Brief post.