Quick and Easy Security Wins
Under the law, you must make sure that any personal information you collect is up-to-date, accurate and protected with adequate security safeguards. In other words, there are hidden costs and obligations involved when you collect personal information.
One of the easiest and cheapest ways to make your business privacy-compliant is to only collect the personal information you actually need. An information audit will help you review the information you currently collect. If it isn’t really needed for your business, don’t collect it.
Another quick and easy security win is to limit who gets access to customer information on a “need-to-know basis” only. Asking customers standing at the cash for their name and telephone number as part of a customer loyalty program, for example, broadcasts that information to the whole store. Use a password instead. Similarly, if you pull up a customer’s record on the cash register – which often includes their name, address and credit card information – make sure the screen isn’t pointing out so other people in the store can see it.
Limit the flow of information within your business as well. Make a list of those employees who really need to use customer information to do their job. If they don’t need it, make sure they can’t see it.
Securing personal information from prying eyes doesn’t have to be expensive. It can be as simple as locking a filing cabinet or restricting who has access to an office.
Lastly, make security a long-term investment. When you’re buying new software, make sure you can password-protect or encrypt customer files. And the next time you buy a new cash register, buy one that allows you to truncate (“x” out) payment card numbers on customer receipts.