Fulfilling Your Obligation to Protect Your Clients

Target has taken a lot of heat lately about the information security breach, but unfortunately, their situation is hardly unique. We know protecting your clients' information is a high priority, even if you aren't a giant mega-corporation like Target. So, here is a handy checklist to make sure no one "Targets" you.

  1. Create a policy for holding and storing Personally Identifiable Information (PII), and ensure it is accurate, relevant, timely, and complete.
  2. Instruct your employees not to leave documents that contain PII in plain sight on their desks or countertops when they step away. Also, keep such documents flipped over when you aren't working on them so that passersby can't sneak a peek.
  3. Reduce the amount of PII to the minimum necessary for proper performance of agency functions. Collecting email addresses is great for marketing purposes, but if you don't do email marketing, don't keep that info around because it could be a liability.
  4. Provide training for all employees or contractors who handle or have access to PII documents.
  5. Limit the number of people who have access to PII documents. If too many people have access, it becomes easy to forget who should have access and who shouldn't.
  6. Any devices that are easy to steal—such as laptops, cellphones, flash drives, and tablets—should be limited or restricted from being used to store PII.
  7. Ensure that PII transmitted electronically is sent using secured technologies.
  8. Develop a schedule for periodic review of policies for PII and how it is stored.
  9. Develop an incident response plan in case of a PII breach.
  10. Eliminate the unnecessary collection and use of Social Security Numbers (SSNs).
  11. Develop a shredding policy and procedure to eliminate the unnecessary storage of paper containing PII.

Here are some additional articles to explore related to securing PII:

http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/index.html
http://money.cnn.com/2014/01/10/news/companies/target-hacking/
http://en.wikipedia.org/wiki/Personally_identifiable_information

If you have questions or concerns about the security of your computer or network, or if you want to know more about how to keep your customers' information safe, feel free to contact us!