Manage Learn to apply best practices and optimize your operations.

Data protection strategies: Take steps to protect customer information

Read this tip to learn how to protect yourself when it comes to identity theft.

Businesses are increasingly tasked with processing more and more electronic information. This can be especially...

burdensome for small and medium-sized businesses (SMBs) because of their size and manpower. If their data protection strategies fail, they may be just one click away from disaster. It's a valid possibility that the organization could be held liable if personal data is disclosed to an unauthorized person. The business could also suffer the loss of customers, revenue and reputation.

Most organizations want to do the right thing and are interested in proper controls. Some may just feel overwhelmed by the day-to-day demands of business. A survey performed by CIO magazine found that 14% of respondents said their company had not taken any steps to protect customer information. If you are one of that 14%, take a look at these five basic steps to help get your data protection strategies off on a proactive footing:

  1. Review state and local laws: First examine any state or federal data protection laws that your organization may be subject to and make sure you are compliant. Some states, such as California, have strict privacy laws dictating businesses responsibilities while in position of customer information. More than 450 privacy-related bills have been introduced in state legislatures in just the last several years.

  2. Create a privacy policy: SMBs should develop policies that dictate how to protect customer information. These policies should detail what information is protected and be written in simple language that can be easily understood by customers.

  3. Implement technology to protect the information: Make a solid data protection effort. Policies mean nothing unless organizations actually follow up and implement security controls. A commitment to data privacy means the organization has expended the funds necessary to adequately secure the data.

  4. Educate and train employees on the privacy policy: Training is the lifeblood of any policy change. Don't expect employees to understand change unless they are informed and made aware of its importance.

  5. Publicly post the privacy policy: The policy should be accessible by the organization's customers. Customers are the lifeblood of any business. They should know what steps the business is taking to protect their personal information including: name, address, credit card number, etc.

Customer data is a valuable corporate asset and as such deserves a sufficient level of protection. Customers expect steps to be taken to protect their personal information. In doing so, you are not only meeting expectations but also placing yourself ahead of the competition. If this is something that your organization has put off, now is the time.

Michael Gregg has been involved in IT and network security for more than 15 years. His current responsibilities include performing security assessments and evaluations for corporate and government entities. He has served as the developer of high-level security classes, contributed to several books and study guides and has taught classes for many fortune 500 companies. To comment on this story, email

Dig Deeper on Small-business IT strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.