Protect Your Customers with this Data Privacy Checklist

In today’s climate, it is essential that your organization understand how to manage private data. Ignorance is no excuse, and even a single misstep could land you in hot water with regulatory agencies, media organizations, and your own clients.

Use the following checklist to ensure that the protections you have in place are sufficient – and in the event that they are not, make you aware of what needs to change.

Customer Disclosures

• I have drafted and published a privacy statement that is easy to read and understand for consumers. Within it….
  • I have defined customer data clearly and concisely
  • I am transparent about the personal information my business collects from consumers.
  • I am transparent about how that information is used – ie. disclosure to third parties, secondary uses of personal data, etc.
  • I have established defined rules regarding…
    • How data is collected
    • How data is used and disclosed
    • How long data is retained
    • How employees are advised and educated on data retention and protection

Business Processes

• I know what data my business is responsible for
• My employees understand my business’ data protection guidelines.
• If a consumer does not wish for my business to store or manage their data, there are procedures through which they can take ownership/remove it from my servers.
• I know which employees have access to that data.
• I have ensured that these are solely employees that need to have access.
• Where required, I have registered with the Data Protection Commissioner.
• The employees responsible for these data sets have been briefed on said provisions.
• Data is regularly checked for accuracy, and time-sensitive data is regularly evaluated.
• Data protection policies are regularly reviewed and re-examined.
• Where relevant, I am fully-compliant with regulations such as:
  • HIPAA
  • FISMA
  • PCI
  • NERC
  • PSQIA
  • PIPED
  • GDPR
  • SOX
  • GLB
  • C-TPAT
• My employees are fully-educated on protecting private data – both their own and the data managed by my business.
• My business is an open, public advocate for user privacy rights
• My business is transparent about government requests for user data.

Technology Precautions

• I know how data is secured while active, at rest, and in transit.
• There is a defined set of security provisions in place for each set of data.
• All computers and databases where sensitive data is stored are…
  • Access-controlled
  • Password-protected
  • Encrypted
• I have taken measures to secure my corporate network, such as…
  • SSLs (Liquid Web offers SSL options for encrypting your transactions online.)
  • Firewalls
  • Strong Authentication
  • Secure VPN
  • Management/control of corporate devices (ie. smartphones, laptops, tablets)

Getting Data Privacy Under Control

It is a long checklist, is it not? All the same, it is one that you should mark off in its entirety if you truly wish to say your organization is serious about data privacy. Completing this list will help you foster trust with your customers while avoiding trouble with regulatory agencies. For those with HIPAA compliant hosting requirements, we have the resources for your success.