How safe is your customer’s data? As business owners we collect all sorts of customer data from phone numbers and name and address to social security numbers. However, by not having the appropriate amount of control over that data you could be leaving your business vulnerable to litigation.

More than one quarter of data breaches so far this year involved consumer records that were jeopardized when organizations lost control over sensitive paper documents. Experts say those incidents came to light in large part due to a proliferation of state data breach notification laws, yet current federal proposals to preempt those state measures would allow paper-based breaches to go unreported.

According to the Identity Theft Resource Center, a San Diego based nonprofit, at least 27 percent of the data breaches disclosed publicly in 2009 stemmed from collections of sensitive consumer information printed on paper that were lost, stolen or improperly disposed of.

Source: http://voices.washingtonpost.com/securityfix/2009/12/paper_data_breaches.html?hpid=sec-tech

Here are my top five ways to secure your customer's personal data and reassure your customers that their info is safe.

1. If you don’t need it don’t collect it. Businesses, all too often collect more information than they really need. The more information you collect the greater risk exposure for your business. Only collect customer information when you have a true business need.

2. Catalog it. Know what information your company collects and where it is stored. You must know what information you have collected from customers in case you have a data breach by a hacker, employee, etc.

3. Lock it up. Securing your customers data is particularly important. Hard copy files should be locked away in a file cabinet or better yet a separate room with controlled access. Similarly electronic files should be stored on secured servers and computers. If you receive customer data via a fax machine ensure that the printouts are not left in an area were unauthorized employees can have access to them.

4. Have a response plan. Even with the best data security procedures you might still lose control of your customer’s personal data. This might happen for reasons that are totally out of your control such as employee collations and theft. That’s why it’s important to have a plan of action that includes notifying your customer of that you lost their personal data and what steps your company is going to take to correct the problem. These steps can include offering free credit monitoring to customers that were affected.

5. Full disclosure. Tell your customers how their information will be used and how you will secure it. Being honest with your customers will help build trust and them the option to not participate with your information request.

I would love to hear your thoughts on securing customer's data. How have you handled this situation and what advice would you give to other business owners who collect customer’s personal information?