If you have a small business, you need to be concerned about data privacy. You no doubt have sensitive, personal information about your employees, your clients, or both. This could include names, addresses, bank account data, credit card numbers, social security numbers, and dates of birth. You need this data to make payroll, fill orders, and deliver products.
Unfortunately, security breaches can lead to fraud, identity theft, and other negative consequences. Keeping your data secure is critical to maintaining good business relationships – and staying in compliance with the law. To start this process, consider the following steps:
- Know what you have;
- Consider what you need;
- Secure the data;
- Dispose of unneeded data; and
- Create a response plan.
Small Businesses and Data Privacy: Know What You Have
Take some time to inventory what data you have on all computers as well as paperfiles. Consider data gathered through your website, call centers, and from contractors. Does your business use flash drives, digital copiers, or facsimile machines? What about mobile devices? Search high and low, locating all data storage.
Small Businesses and Data Privacy: Consider What You Need
Perhaps when you started collecting data on clients and employees, you had a different system in place than you do now. Perhaps you borrowed another business owner’s data collection form without considering what your business needs. Evaluate what you collect verses what you need. Modify collection practices to reflect only what is necessary for business.
Small Businesses and Data Privacy: Secure the Data
You likely have two types of data, paper and digital. Thus, you must implement two security systems. Paper data obviously must be treated differently than electronic data. Locked rooms and locked file cabinets go a long way in securing physical data. Consider limiting the number of keys and identified employees with access.
For electronic data, identify where the information is stored. Consider whether an internet connection is necessary to conduct business on this same computer. Encrypt information sent over the internet or stored on computer networks.
Small Businesses and Data Privacy: Dispose of Unneeded Data
When disposing of unneeded data, take steps to ensure you dispose of the data properly. This includes steps to prevent unauthorized access to or use of personally identifying information. This may include shredding or burning documents, using software to wipe utility programs, etc. Of special note, if you are disposing of credit reports, you may be subject to the Federal Trade Commission’s Disposal Rule.
Small Businesses and Data Privacy: Create a Response Plan
You should implement a plan to respond to security incidents now. In addition to an immediate response, your plan should include steps for investigation of the breach, a root cause analysis of the breach, and customer notification. Additionally, many states, as well as federal bank regulatory agencies have laws regarding data breaches. As such, it is best to discuss your response with a qualified business attorney.
Understanding Data Privacy
Data privacy is extremely important to businesses large and small alike. Ensuring a streamlined, rigorous protection system is essential to a good business plan. Understanding data privacy and taking the necessary steps goes a long way towards protecting your employees and clients.
Running a Small Business?
If you are running a small business, you need an experienced business attorney to assist you in your small business needs. From starting your own small business, to litigating business issues, to writing contracts and engaging in teaming agreements, to data privacy issues, an experienced business attorney saves you money and heartache in the long run. The Law Office of Todd M. Kurland, P.A. offers comprehensive business services to businesses large and small in the West Palm Beach area. Contact us for a free consultation to discuss how we can help you with your business needs.