Sensitive consumer and employee data is the lifeblood of many businesses.
That’s why it’s essential that companies properly secure or dispose of such data.
Raising additional compliance concerns would be financial data, personal information from children and material derived from credit reports. Your company also may have legal responsibilities to victims of identity theft.
A great resource on such issues is the Federal Trade Commission’s Bureau of Consumer Protection Business Center (http://business.ftc.gov/).
Among the topics the BCPBC can help with are:
- Children’s privacy: Parents have control over what information websites can collect from their children thanks to the Children’s Online Privacy Protection Act. Any business collecting information from someone under the age of 13 must comply with COPPA’s requirements. (http://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule).
- Consumer privacy: You need to stand by your company’s privacy policy. Reread it to be sure you are honoring the promises you’ve made. Consumers want to be sure that their personal information is secure, and smart businesses must be transparent about what they are doing with such data. (http://business.ftc.gov/privacy-and-security/consumer-privacy)
- Credit reporting: If you use consumer reports or credit reports to evaluate customers or potential employees, you have responsibilities under the Fair Credit Reporting Act and other laws. (http://business.ftc.gov/privacy-and-security/credit-reporting)
- Data security: Sensitive personal information about customers and employees requires a sound security plan. Such a system can help you meet your legal obligations to protect such data. (http://business.ftc.gov/privacy-and-security/data-security)
- Information sharing: The Gramm-Leach-Bliley Act requires that financial institutions explain to customers their information-sharing practices and sensitive-data safeguards. (http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act)
- Identity-theft prevention: Under the Red Flags Rule, companies must put in place a written identity-theft prevention program designed to detect warning signs of identity theft in their operations. (http://business.ftc.gov/privacy-and-security/red-flags-rule)
For more help on keeping data secure submit a request for a free consultaion at http://www.hcp4biz.com/consultation/