Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees.

This information often is necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business.

A sound data security plan is built on 5 key principles:

1. Take stock. Know what personal information you have in your files and on your computers.
2. Scale down. Keep only what you need for your business.
3. Lock it. Protect the information that you keep.
4. Pitch it. Properly dispose of what you no longer need.
5. Plan ahead. Create a plan to respond to security incidents.

Use the checklists on the following pages to see how your company’s practices measure up—and where changes are necessary.

Download Protecting Personal Information: A Guide for Business

PDF format, 3.5MB, 28Pages. Published by FTC.

FEDERAL TRADE COMMISSION
600 Pennsylvania Avenue, NW
Washington, DC 20580
1–877–FTC–HELP (1–877–382–4357)

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free 1–877–FTC-HELP (1–877–382–4357); TTY: 1–866–653–4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Opportunity to Comment
The Small Business and Agriculture Regulatory Enforcement Ombudsman and 10 Regional Fairness Boards collect comments from small business about federal enforcement actions. Each year, the Ombudsman evaluates enforcement activities and rates each agency’s responsiveness to small business. To comment on FTC actions, call 1–888–734–3247.

ADDITIONAL RESOURCES:
These websites and publications have more information on securing sensitive data:

National Institute of Standards and Technology (NIST)’s Computer Security Resource Center
www.csrc.nist.gov

NIST’s Risk Management Guide for Information Technology Systems
www.csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

Department of Homeland Security’s National Strategy to Secure Cyberspace
www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf

SANS (SysAdmin, Audit, Network, Security) Institute’s Twenty Most Critical Internet Security Vulnerabilities
www.sans.org/top20

United States Computer Emergency Readiness Team (US-CERT)
www.us-cert.gov

Carnegie Mellon Software Engineering Institute’s CERT Coordination Center
www.cert.org/other_sources

Center for Internet Security (CIS)
www.cisecurity.org

The Open Web Application Security Project
www.owasp.org

Institute for Security Technology Studies
www.ists.dartmouth.edu

OnGuard Online
www.OnGuardOnline.gov

Comments (0)

Name

Email

Comment

smaller | bigger

Add Comment