2/16/2006

Data Protection Basics

"There are certain privacy and security rules that every business or organization should live by:

· Identify the sensitive information collected from customers...Keep this data only as long as needed. Block access or truncate display of it for anyone without a specific need to see it. Make your employees aware of what is sensitive.

· Data in transit are data at risk. Send only the data needed by the recipient. Truncate or encrypt all sensitive information. Establish appropriate data retention and destruction requirements...

· Screen all employees with access to sensitive information. Allow access only to what an employee needs to do his job. Monitor employee access to customer information...

· Include security requirements in every vendor contract. Interview your vendors’ security employees. Read the privacy policy of your vendors. Understand the legal requirements for offshore vendors.

· Overreact if you have a security breach...Hoping the problem goes away only ensures that it gets bigger.

· Learn from the marketplace. Don’t make commitments you can’t live up to...If your security practices aren’t changing, you aren’t keeping up with new risks..."

Read more in this DMNews.com article, found via this Privacy and Security Law Blog post.