Data Privacy Day: Tips for Protecting Your Company’s Data

By Michael
January 28, 2014

Happy Data Privacy Day! This is a day devoted to educating consumers on how to protect their privacy and on the steps they can take to safeguard personal information. Whether you are an individual buying something on the internet or a company protecting thousands of customers, it is as important as ever to protect your information. I think this day is a great vehicle for educating individuals on the risks they may not be aware of and how they can be avoided.

In our effort to educate companies on data privacy, here are some tips on how you can protect sensitive data on your offline IT assets:

  1. Beware of the hard drive in your copier: A used copier can be a gold mine for a hacker. If your company leases or resells copiers, printers or fax machines, make sure you are taking the necessary steps to remove data history. One hard drive found in a copier may contain hundreds of pages of personal information such as medical information or pay stubs with names, addresses and Social Security numbers. Returning a copier or other machine without erasing sensitive data may mean failing to comply with various industry regulations, such as HIPAA, and may result in fines.
  2. Make sure you know who you’re signing your data over to: If you are doing business with a third-party vendor, make sure you know who is liable for lost or compromised data. Companies that outsource IT functions, such as hard drive destruction, may retain the liability if a shredding company loses an asset or data is compromised. In most cases, the owner is responsible for lost data, not the shredding company that lost it. To avoid the blame game, when you are researching disposal vendors, make sure the vendor is compliant with all data privacy and security requirements of your industry. Then make sure you know whether your contract states who is responsible for any repercussions of lost or stolen data. Companies are more likely to hold third-party vendors contractually responsible for consequences that occur after they have handed the data over; however, vendors do not always accept that responsibility, and some write, clear as day, that they “provide no indemnification for lost or stolen data”.
  3. Track everything that can be tracked: As the number of portable IT assets from which employees access company information grows, so does the risk that data gets into the wrong hands. Smartphones, laptops, USB drives, and tablets can all hold a significant amount of private information and, when lost, can result in a serious data breach. This also goes for hard drives or servers that have come offline and are waiting to be destroyed. I advise that you have a way to verify they were all destroyed properly, to avoid an asset showing up somewhere else!
