A natural disaster can wreak havoc on any business. But it's even worse when that real-world catastrophe becomes a data security calamity.
Before the summer storm season arrives, get your business ready. Just like you gather flashlights, bottled water, and emergency supplies, you can prepare your business by reviewing data retention and disposal practices.
Why are data retention practices important? As Bob Dylan said, “the answer, my friend, is blowin' in the wind.” Remember the Brooklyn warehouse fire, where media reports indicate that medical records (including drug tests), bank checks, and Social Security numbers were strewn about the neighborhood. Or tornados in the Midwest which literally blew away sensitive personal information, sometimes even across state lines.
No one wants that to happen to their business. Of course, you can't stop a hurricane or tornado. But while the sun is still shining, you can reduce the risk to customers and employees by safely disposing of paperwork you no longer need. The last thing you want is old records, that you should've securely destroyed years ago, blowing in the wind. If you hold onto only what you really need, it's easier to keep it safe – and there's less to lose in a natural disaster.
To prepare your business, review these data minimization and disposal tips:
- Take stock. Create an inventory of the personal information you have. That way, if your files are destroyed or lost in a natural disaster, you'll know what information is involved.
- Scale down. Collect only what you need. For example, if there's no business reason why you have to have someone's Social Security number, don't ask for it in the first place. Keep records only as long as you have a reason to maintain them. Don't hold onto customer credit card information unless you have a business need for it.
- Lock it. Store personal information in the safest part of your building. If information is missing after a natural disaster, contact law enforcement. If possible – this is where your inventory helps – contact affected individuals so they can place a fraud alert on their credit reports.
- Pitch it. Properly dispose of what you no longer need. Shred, burn or pulverize paper records before discarding. If you use consumer credit reports for a business purpose, you may also be subject to the FTC's Disposal Rule. For more information, see Disposing of Consumer Report Information? Rule Tells How.
To learn more about how your business can protect personal information, consult the FTC'sProtecting Personal Information: A Guide for Businesses and the Business Center data security site. And if you want to provide helpful information to your employees or customers after a natural disaster, consider sharing the FTC's Dealing with Weather Emergencies.