While you have a need to collect individuals’ private information in order to do business, it’s also your ethical and legal responsibility to safeguard that information. Use this quick guide as a resource for protecting your customers’ privacy.
- The type of data collected
- How customers benefit from data collection
- Steps for opting out of data collection
- How your company uses customer data
- How your company protects customer data
Establish Clear Retention Guidelines
A retention policy protects customer privacy by clearly defining what records should be kept, for how long, and who has access to them. Without a retention policy, it’s difficult to safeguard the information you collect from your clients. Since every business has different legal and operational records requirements, it’s best to consult with your attorney when establishing a retention policy.
Back Up Your Digital Data
Regular backup of customer data is a vital part of keeping your business viable in case of disaster. However, if your process isn’t secure, it also holds the potential for a privacy breach. Depending on your IT infrastructure and capabilities, you have two backup options:
- Electronic vaulting
- Offline backup
Electronic vaulting offers automated backup to the cloud by a data protection partner. Offline backup is performed internally on your local server. When using an offline backup strategy, take advantage of a backup rotation service to ensure your backup media is routinely and securely transferred offsite to a media storage vault for protection from theft and natural disasters. Make sure a strict chain of custody is adhered to at all times during the media rotation process.
Store Data Offsite
Whether your customer data is in hard copy or digital format, it’s important to restrict access to it. Don’t underestimate insider risks like dishonest employees and corporate espionage. Storing your information offsite fulfills the following requirements:
- Protects customer records from unauthorized access
- Restricts data access to authorized personnel only
- Tracks and monitors all access to customer data
Paper documents and files are best protected in a commercial records center, while digital data is the safest when stored in a media vault.
Destroy Old Data Securely
If you run a busy office, prompt destruction of expired customer records often falls by the wayside. Office paper shredders are notoriously unreliable—and a big drain on employee time—but you still have an obligation to destroy customer information at the end of its lifecycle. Unless destruction is swift, secure and complete, the risk of identity theft is too great.
Outsourcing your paper shredding and media destruction to the right company is the best way to protect your customers’ privacy. A professional scheduled paper shredding service facilitates prompt disposal of documents.
First, security containers are placed in your office enabling confidential files to be quickly dropped inside. On a schedule you choose, your documents are collected and destroyed either on-site at your facility or off-site at a secure shredding plant. Your shredding and destruction provider can also securely destroy obsolete IT equipment, hard drives and backup tapes for total information security.
If you’re serious about protecting your customers’ information, use this quick guide to complete your privacy protection toolkit.
Records Management Center offers document storage, shredding and imaging services for businesses throughout Augusta, Evans, Thomson, and Martinez, GA, plus Aiken, SC and the Central Savannah River Area. For more information, please contact us by phone or complete the form on this page.