Avoiding Disaster: How to Avert a Data Breach

Don’t Collect It In The First Place

One of the easiest ways to avoid seeing your company’s name all over the news for having a data breach is not to collect sensitive information. Unless you have a compelling business reason to take it from the customer and store it in your systems, do not collect it. Many older forms have a place for the customer or client to enter a Social Security number, but often there is no valid business reason to have it. For example, I was recently completing forms for my church for one of my children to go on a trip with the youth group. The form, probably the remnant of a form from thirty years ago, requested the child’s Social Security number. Don’t take Social Security numbers on the front end, and get rid of them if you have them. They will only cause you heartbreak. Similarly, the loss or breach of bank data and health data can trigger liability under the labyrinth of laws that address these issues in the United States. If you don’t absolutely have to have this information, don’t collect it.

Along these same lines, get rid of dusty old records sitting in your company’s basement or mildewing on an ancient hard drive somewhere. Not only can these records cause you untold grief if you get sued (you could conceivably have to pay a fortune to review and produce them in discovery), but their loss or breach could also catapult you into the news for a data breach alongside the likes of TJ Maxx and Sony. Do some spring data cleaning and get rid of these things.