Keep Only What You Need. Reduce the volume of information you collect and retain to only what is necessary. Minimize the places you store personal data. Know what you keep and where you keep it.
Safeguard Data. Lock physical records in a secure location. Restrict access to employees who need to retrieve private data. Conduct employee background checks and never give access to temporary employees or vendors.
Destroy Before Disposal. Cross-cut shred paper files before disposing of private information. Also destroy CDs, DVDs and other portable media. Deleting files or reformatting hard drives does not erase data. Instead, use software designed to permanently wipe the drive, or physically destroy it.
Update Procedures. Do not use Social Security numbers as employee ID or client account numbers. If you do so, develop another ID system now.
Train Employees. Establish a written policy about privacy and data security and communicate it to all employees. Educate them about what information is sensitive and their responsibilities to protect that data.
Control Use of Computers. Restrict employee use of computers to business. Don't permit use of file sharing peer-to-peer websites. Block access to inappropriate websites and prohibit use of unapproved software.
Secure All Computers. Implement password protection and require re-logon after a period of inactivity. Train employees to never leave laptops or PDAs unattended. Restrict tele-working to company-owned computers and require use of robust passwords that are changed regularly.
Keep Security Software Up-To-Date. Keep security patches for your computers up to date. Use firewalls, anti-virus and spyware software; update virus and spyware definitions daily.
Encrypt Data Transmission. Mandate encryption of all data transmissions. Avoid using Wi-Fi networks; they may permit interception of data.
Manage Use of Portable Media. Portable media, such as DVDs, CDs and USB "flash drives," are more susceptible to loss or theft. Allow only encrypted data to be downloaded to portable storage devices.