Fourscore Business Law Data Security Policy
In the digital age, data security is one of the most important aspects of protecting clients’ financial and personal information. With large-scale breaches affecting millions of people through Facebook, Target, Yahoo!, Equifax and countless other businesses, taking data security seriously is of paramount importance.
Businesses must also establish effective procedures to protect their own proprietary information, financial records and their employees’ personal information. Some steps, such as not sharing passwords and locking computers when they are not in use, are obvious and easy to implement. However, other steps may not seem so obvious and can entail significantly more preparation on the part of business owners.
10 Steps to Secure Your Clients’ and Business’ Information
1. Change your passwords frequently: Changing your passwords every month or so may seem like a burden, but it is one of the simplest ways to protect valuable data. Changing passwords helps limit the damage from a data breach: an attacker who has obtained a password cannot keep using it to collect everything you acquire after the breach. If you change your passwords consistently, the most an attacker can get is the information accessible between the time they learn one password and the time you replace it with a new one.
2. Lock your laptop when it is not in use: By simply locking your laptop when you are not actively using it, you prevent other people in your workspace from seeing your business data or your clients’ personal information. This simple habit is also a step toward creating a culture of privacy around your business, one that signals to your employees the importance of protecting the business’ privacy.
3. Use paper shredders: Sometimes the old-fashioned way is just the best, and that is the case with paper shredders. When you no longer need a document that you have printed, it is a good habit to shred it instead of simply throwing it away. This ensures that sensitive information, including information you may not even have realized was on the page, is kept from prying eyes.
4. Develop a “best practices” plan for use of credit cards: Using credit cards is one of the most convenient ways to receive payment. However, it is of paramount importance that your business develops a best practices plan for the use of clients’ credit cards and the storage of their information. Some important steps include:
Keeping the credit card numbers and security codes in a secure location (or not keeping them on file at all).
Sending receipts to clients each time you charge their credit card.
Removing all credit card information for people and businesses who are no longer active clients.
Keeping the client’s name in a different location than the associated credit card number and security code.
Obtaining written authorization before providing a client’s credit card information to a third party.
5. Report security incidents: Although never desirable, security incidents may be inevitable in the digital age. As soon as you realize your business has suffered a security breach, immediately take steps to lock down your entire system, change your passwords and notify your security expert (if you have one). Inform all of your employees who need to know about the breach and discuss whether any clients need to know. Take active measures, if you can, to find out how the breach occurred, and inform any appropriate legal or governmental authorities of the security incident.
6. Encrypt sensitive data: Sensitive data, such as Social Security numbers, credit card and bank information, and health records, should be encrypted to reduce the chance of unintended disclosure. There are many comprehensive data-protection services, such as rackspace.com and gemalto.com, that can help you establish secure encryption for your business’ private information.
7. Establish rules for the company’s mobile devices: Computers are not the only devices that are vulnerable to a security breach. You should also make sure that you have a well-planned policy regarding how your employees may use their other mobile devices that contain sensitive business information. Some tips include not using social media on business mobile devices, requiring that employees frequently change the passwords on their mobile devices, and establishing a protocol for who may contact clients from company devices.
8. Train your employees on both the importance of security and the substantive steps you plan to implement: Practice makes perfect! You should have a clear set of guidelines (preferably posted somewhere employees will see it frequently) that states the expectations you have for ensuring privacy and data protection. You should also hold meetings, from time to time, in which you explain the steps they need to be taking and answer any questions your employees may have with regard to privacy protection.
9. Make sure your clients understand what you are using their personal information for: Consider putting together a consent form to send to each client that explains exactly what you will be using their personal information for. This will allow both parties to have a clear understanding of the parameters of use of the clients’ information. In the case of a dispute regarding consent, this form, preferably signed by the client, could also help protect your business from illegitimate claims.
10. Stay up to date with new data-protection technologies: Technology seems to change overnight these days. This is both a blessing and a curse. It is expensive and time consuming (and often confusing!) to keep up with the most recent technology, but technology does continue to make our lives easier. By staying informed about the newest technologies that can help you protect your business’ and clients’ data, you will reduce the chance that hackers can get access to your files. Online magazines and articles such as Info Security Magazine and The Journal of Data Protection and Privacy provide important information that you can use. Although this will take some work, preventative practices are much easier and more convenient than trying to fix a data breach after the fact.
Please note - the lawyers at Fourscore Business Law are experienced in business matters of many kinds, which gives us the opportunity to be involved in tax discussions on a regular basis. However, we are not CPAs or “tax” lawyers. We have many great contacts and refer our clients to them when needed. Please do not take the summary set forth in this article as tax or business planning advice!
Based in the Research Triangle region of North Carolina, Fourscore Business Law serves entrepreneurs and businesses in Raleigh, Durham, Chapel Hill, Wilmington, Charlotte and throughout the Southeast. We also represent venture capital funds and other investors who invest in companies located in New York, Silicon Valley and everywhere between. The idea of delivering maximum impact in a simple and succinct manner is what we’re calling the Fourscore Principle. And that is what Fourscore Business Law is based on. Our clients operate in a broad range of industries including tech, IoT, consumer products, B2B services and more. Questions? Shoot us an email or give us a call at (919) 307-5356. Your first call is on us.