Protect Your Customers with this Data Privacy Checklist

In today’s climate, it is essential that your organization understands how to manage private data. Ignorance is no excuse, and even a single misstep could land you in hot water with regulatory agencies, media organizations, and your own clients.

Use the following checklist to ensure that the protections you have in place are sufficient – and, in the event that they are not, to make you aware of what needs to change.

  • I have drafted a privacy statement that is easy for consumers to read and understand. Within it…
    • I am transparent about the personal information my business collects from consumers.
    • I am transparent about how that information is used – i.e. disclosure to third parties, secondary uses of personal data, etc.
    • I have established defined rules regarding…
      • How data is used and disclosed
      • How long data is retained
      • How employees are advised and educated on data retention and protection
  • I know what data my business is responsible for, and my employees understand my business’ data protection guidelines.
  • If a consumer does not wish for my business to store or manage their data, there are procedures through which they can take ownership/remove it from my servers.
  • I know where data is stored and how it is secured.
  • I know which employees have access to that data.
  • I have ensured that access is limited solely to the employees who need it.
  • Where required, I have registered with the Data Protection Commissioner.
  • There is a defined set of security provisions in place for each set of data.
  • The employees responsible for these data sets have been briefed on said provisions.
  • All computers and databases where sensitive data is stored are…
    • Access-controlled
    • Password-protected
    • Encrypted
  • I have taken measures to secure my corporate network, such as…
    • SSLs (Liquid Web offers SSL options for encrypting your transactions online.)
    • Firewalls
    • Strong Authentication
    • Secure VPN
    • Management/control of corporate devices (i.e. smartphones, laptops, tablets)
  • Data is regularly checked for accuracy, and time-sensitive data is regularly evaluated.
  • Data protection policies are regularly reviewed and re-examined.
  • Where relevant, I am fully compliant with regulations such as:
    • HIPAA
    • FISMA
    • PCI
    • NERC
    • PSQIA
    • PIPEDA
    • The EU Data Protection Directive
    • SOX
    • GLB
    • C-TPAT
  • My employees are fully educated on protecting private data – both their own and the data managed by my business.
  • My business is an open, public advocate for user privacy rights.
  • My business is transparent about government requests for user data.

It is a long checklist, is it not? All the same, it is one that you should be able to mark off in its entirety if you truly wish to say your organization is serious about data privacy. No one ever said it would be easy – but the trust you will foster with your customers (and the trouble you will avoid with regulatory agencies) is well worth the effort.