No one plans to have a data breach. People don’t intentionally leave themselves open to electronic data theft. But because some business owners and managers are not intentional about having a plan to protect their electronic data, many do put their companies at risk of a data breach or theft of electronic data.
Most companies are aware of the risk of information theft associated with paper documents. Many have contracted with paper shredding companies to destroy their paper files. They will even caution people about unnecessarily printing documents to reduce the risk of paper documents getting into the wrong hands. But how many are taking the same care with regard to their electronic data?
Companies are just as responsible for the security of electronic data as they are for paper documents. HIPAA, PCI, and PII regulations apply to electronic data in the same way that they do with written and verbal communications of customer and employee personal information.
Does your company have a written policy and plan to keep electronic data secure? Here are some things to consider for putting together a process for the proper handling of electronic data.
- Take an inventory of ALL electronic data containing devices currently in use. This includes electronic devices that employees use and take with them when working outside of the office. You may also want to consider including BYOD situations.
- Include make, model, and serial number of the devices in your inventory.
- Take an inventory of all data containing devices that are not being used but are still in possession of the company.
- Inventory any new data containing devices as soon as they are purchased.
- Use some kind of encryption software for all electronic data containing devices that are currently in use.
- Find a locked closet, office, or cabinet somewhere in your facility where you can safely store electronic data containing devices that are no longer in use. Identify in writing and by name all people with access to the contents of the locked closet, office, or cabinet.
- Contract with a data destruction specialist to collect and destroy the data stored on the electronic data containing devices.
- Pay for a Certificate of Destruction for added proof that you took responsible steps to securely dispose of any data contained on those devices.
These are just a few tips to consider when putting together a plan to protect the electronic data that you store on data containing devices. Contact us for more information. We can also help you set up a complete data destruction compliance plan.