Small Business Advice: Less is More When Securing Data

10/14/2010


If you’re like many busy professionals, your file cabinets, desk drawers, computer, and cell phone have become corporate archives brimming with business information. When it comes to having sensitive data at your fingertips, it used to be that more was considered better. But the climate has changed.

In an age of security breaches and identity thieves, the professional pack rat should be a thing of the past. Scale down—keep only what you need for business.

Today’s savvy professionals have learned to travel light, keeping only what’s necessary and safely disposing of the rest. The Federal Trade Commission (FTC) has advice on how you can protect your customers and employees by securing sensitive data in your possession.

  • Cool, calm, and uncollected. If you don’t have a valid business reason to collect personal information, don’t ask for it in the first place. Review the forms you use to gather data—like credit applications and fill-in-the-blank web screens for potential customers—and revise them to eliminate requests for information you don’t need.
  • Don’t fidget with the digits. Unless you have a legitimate business justification, don’t hold onto customers’ credit card information, including account numbers and expiration dates. Keeping sensitive data longer than necessary creates an unwarranted risk for fraud. 
  • Stay socially secure. Make it a company policy to use Social Security numbers only for required lawful purposes — like reporting payroll taxes. Don’t use them unnecessarily as employee identification numbers or customer locators.
  • Is your default at fault? Sometimes the software used to read credit card numbers and process transactions is preset to store information permanently. Check your settings to make sure you’re not inadvertently keeping more than you need.
  • Too much information? Make sure your receipts comply with a law that’s been in effect for all businesses since December 1, 2006. According to the Fair and Accurate Credit Transactions Act, electronically printed credit and debit card receipts you give your customers must truncate the account information. You may include no more than the last five digits of the card number, and you must delete the card’s expiration date. Details are in “Slip Showing? Federal Law Requires All Businesses to Truncate Credit Card Information on Receipts.”
  • Pay attention to retention. If you must keep information for business reasons or to comply with the law, develop a written records retention policy to identify what must be kept, how to secure it, how long to keep it, who’s authorized to access it, and how to dispose of it securely when you no longer need it.

Find more tips and tools to protect your customers and business in BBB’s Data Security Made Simpler.
