Learn the Rules on Consumer Privacy
Your business stores employees’ personal information, and possibly customers’ as well (names, Social Security numbers, credit card information), both on paper and electronically. You use this data to meet payroll, fill orders and perform necessary business functions.
But if this information falls into the wrong hands, it can lead to fraud or identity theft. Have you considered how to protect this sensitive data? What are the threats for your business? What does your security look like? How do you keep only what’s essential? How long has it been since you reviewed your security plans and policies?
The cost of a security breach is huge: Not only will your employees be upset, but you may lose your customers’ trust. You might find yourself defending your company against a lawsuit. That makes safeguarding personal information a good business decision.
The Federal Trade Commission has outlined how to protect the information you keep and how to properly dispose of what you no longer need in “Protecting Personal Information: A Guide for Business.” The agency urges you to create a plan to respond to security incidents.
Getting down to basics
Here are five key principles of a sound data security plan.
1. Assess. Know what personal information you have in your offices and files.
- Inventory company servers, laptops, mobile devices and flash drives to discover where sensitive data is stored. Pay particular attention to Social Security numbers, credit card information, bank account numbers and other financial data.
- Inventory nonowned devices. What information is received through websites, from contractors and at call centers? What information is saved on employees’, contractors’ or vendors’ personal computers, phones or digital copiers?
2. Reduce. Collect and keep only what you need for your business.
- Restrict access to sensitive data: Each employee should have access only to those resources needed for the job.
- Consider how much information nonemployees should have access to.
- Use information lawfully.
3. Secure. Protect the information that you collect and keep.
- Create effective security plans to assess physical and electronic security, employee training, and the security practices of contractors and service providers. Security is the responsibility of everyone in the company.
4. Delete. Properly dispose of what you no longer need.
- Implement information disposal practices from paper shredders to secure data erasing. Make sure employees who work from home follow the same procedures.
5. Plan. Create a response to security incidents.
- Designate a senior member of management to be the point person for any response to security breaches.
- Employ a comprehensive response, ranging from disconnecting compromised equipment to knowing who needs to be notified of the breach. Be sure to consult your attorney to be sure you are following applicable laws when contacting customers, law enforcement, credit bureaus and other businesses that may be affected.
It is also important to review any legalities that may impact your plans. Statutes like the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information. California, Colorado, Connecticut, Utah and Virginia have consumer data privacy laws with provisions like the right to access and delete personal information and to opt out of the sale of personal information. Other states that are working on such legislation include West Virginia and Georgia, where the legislation has passed but is not yet signed into law, as well as Rhode Island, Vermont, Kentucky and Wisconsin.
Understanding how sensitive information moves into, through and out of your business and who has — or could have — access to it is essential to assessing security vulnerabilities.
© YC Partners 2025