The problem is that compromised information is more than an inconvenience for you and your customers.
If someone hacks client, business, or employee information, you become liable for the damages.
You will lose customers and the strength of your brand, and may even become the defendant in lengthy lawsuits, all of which cost your company money and opportunities.
Strengthening your privacy policies is a core step in your data security strategy.
The next step is getting untrained staff where they need to be to help in the fight against security breaches.
There are different privacy policies each company must maintain depending on the type of information they collect from clients and store in their systems.
Outdated privacy policies and untrained staff are unacceptable for medical, insurance/financial, auto, education and web companies.
Even if your industry doesn’t fall in those categories, follow suit as a protection measure for the business and clients.
Federal Trade Commission (FTC) Fair Information Practice
The FTC has organized some best practices for privacy policies in the US, based on laws they have in place to protect customer information.
They’ve extracted requirements from the following policies to give you guidelines on how you should handle sensitive information and privacy policies within your company:
Right to Financial Privacy Act
Fair Credit Reporting Act
Cable Television Protection and Competition Act
Video Privacy Protection Act
Electronic Communications Privacy Act
While many of the practices focus on websites and online companies, they are a foundation for all companies to follow in an effort to protect their data and clients.
Here’s a summary of what you should do to comply with the FTC Fair Information Practice:
- At a minimum, notify users when you collect their personal information and how you plan to use it.
- Give customers a choice about whether you may continue using their information and in what manner you have permission to use it.
- Customers should have the right to see any of their information you’re using or storing.
- Make it easy for customers and employees to view and access company privacy policies.
- Post privacy policies at a specific location within your store or office and have a clearly visible link to privacy policies online.
All it takes is an update from legislation to put your business at risk of penalization for non-compliance.
It’s always wise to protect your company from regulations and customer legal action.
Those are the top reasons to review and adjust outdated privacy policies, but there are other advantages:
Protect your company from lawsuits and minimize business risk
Prevent identity theft and data compromises
Retain satisfied customers who are confident in your business
Preserve and protect your brand from a negative outlook based on data breaches
Keep employee information safe and reduce turnover
Have confidence in your staff and their ability to properly handle sensitive client information
Steps to Create or Update your Privacy Policies
The Federal Trade Commission has strategic steps they advise companies to use when composing or updating privacy policies:
Step 1: Review documents to get an account of the sensitive data you’re storing in digital or hard copy format.
Work with the entire company to gather information on what documents you have.
Start with breaking it down by department to question each area on how they receive and use information and what they have.
From there, account for data on all systems including laptops, desktops, tablets, phones, drives, disks, copiers, cash registers, portable merchant devices (Square or PayPal Here swipe readers) and any other digital devices.
Review your storage or filing system to document the type and amount of hard data you have.
Step 2: Purge documents, keeping only what you need to complete business functions.
Even if you need to use certain information to complete services or transactions, decide if you can get rid of it once you complete the transaction.
For instance, you don’t need to store credit card information unless clients agree to set up a recurring draft for repeat services.
If you’re required to keep documents on file for a certain period, like tax documents or credit reports, make a note of the date and time you can get rid of them.
Use this as an opportunity to create a new system for collecting and/or storing only necessary information.
Step 3: Secure information you do need to keep in your system.
Only allow staff to access personal information as needed to complete their duties.
Beef up security for all areas where you transport, store, and manage sensitive information.
Encrypt email and fax communications, and keep virus and malware protections updated.
Step 4: Destroy information you don’t need, using a secure data destruction and paper shredding service.
Once you’ve separated the necessary from the unnecessary information, don’t just toss it in the garbage.
Hard drives retain some of the most critical data that criminals can access to steal confidential details.
Use a certified company that can securely manage destruction of sensitive documents in all forms.
Step 5: Create a plan to prevent or minimize data security problems and add it to your risk management strategy.
Now is the time to fix outdated privacy policies or create a new one.
You also need to have definite action steps the company should follow in the event of a data breach.
Outsource or DIY?
Some companies have the skills and expertise to handle privacy policies in-house.
Once your company completes the updates, get an attorney to review the policy.
If you have untrained staff who don’t know the ropes of privacy policies, there are simple ways to implement a training program.
Some main points you should include in your training materials are:
Why privacy policies are important and how employees can help maintain customer privacy.
The importance of having strong passwords.
Keeping information confidential by not leaving it unattended, not sharing processes, and locking computers and digital devices.
Avoid the Pitfalls of Outdated Privacy Policies and Untrained Staff
A part of that process is also upholding your duty to keep personal data secure.
Get rid of hard and electronic copies of outdated or unnecessary information.
A reliable shred team can help your company comply with privacy policies and limit exposure to identity theft and data breaches.
PROSHRED®, a paper shredding service with NAID certification, will professionally shred your confidential materials without ever leaving your site.
Contact us today to schedule an appointment!