Facebook has once again come under some heat for the possible compromise of its customers' personal information. Facebook permits secondary access to accounts, which allows 3rd parties to display ads, applications, and the like. Apparently there was a flaw in the system that allowed those 3rd party users to access far more than they were supposed to, including personal information, photos, and even chat logs. This flaw pales in comparison to the data breaches at other companies over the past few months, which included the exposure of credit card numbers, e-mail addresses, social security numbers, phone numbers, mail addresses, medical records, and more.
Is your company at risk of doing the same thing? It may be time to look at your current procedures and see if anything needs to be improved. Protecting personal data falls under two categories: 1) security and 2) policies.
1. Personal Data Security - Are you following proper procedures to protect information? Your company needs to protect information both electronically and physically.
a) Computer protection: Make sure security software is current and running on all company computers. Programs such as Symantec are easy to purchase and set up.
b) Website protection: Any website areas where customers make a purchase should be secure (HTTPS). Also consider adding Verisign service to your site for added customer assurance.
c) Credit Card information: Follow your Merchant Services Bank policies on proper data security. Do not leave credit card slips lying about where someone can steal or copy the info. Too many retailers and restaurants leave those slips in an unsecured folder next to the cash register.
d) Data backup: For better protection of your most important files, consider a remote backup of your computer files. There are many businesses that offer this service, either through a courier or online. Smaller companies should at least start with a simple backup plan, like the one offered by Mozy.
e) Personnel files: Are you keeping employee files properly secure? In the “good ole days” companies would print employee rosters that included home phone numbers and addresses (so that folks could mail Christmas cards, etc.), but these days you could get sued for such data exposure, especially if you posted it online. Just be smart about it. You do not want to get paranoid, but you also do not want to expose any of your employees to a stalker.
f) Secure your Faxes: Have your faxes go directly to your computer, instead of having them lie around on a fax machine tray for hours. Consider a service such as eFax.
2. Employee Policies - Do you have the proper HR policies in place? You should have policies for protecting confidential information, such as employee info, customer lists, and company formulas/recipes/processes. Consider adding the following to your Employee Handbook:
a) Confidentiality Policy: Protect sensitive info on your customers, students, clients, and employees. Make sure all employees understand that such info is on a need-to-know basis and must be kept confidential.
b) Non-Disclosure or Use of Trade Secrets: Guard your company processes, formulas, recipes, customer lists, supplier lists, and more. Employees should not use this info for soliciting other business.
c) Photo and Video Policy: Almost every company should have a policy forbidding the taking of personal photos or videos on company time or company property. In addition, you may need a stricter policy for certain areas, like a records room, or when dealing with customer files like medical records or credit records.
Ready for a new Employee Handbook? If so, consider the following employee handbook services:
For Businesses: Genuine HR
For Non-Profits: New Wind
For Churches and Ministries: Ministry HR
Is your company leaking personal data? Take the time to check. Make sure you have the proper security in place AND make sure that your policies are in writing so that all employees understand.