By Jacqueline McClure
Genesis Background Screening Services
Many companies use and store sensitive information throughout their organization. If you haven’t thought through your processes by making a plan for the type of information you collect, the time you retain it, who has access to it, and how you dispose of it, your company could be at risk of non-compliance with the FTC (Federal Trade Commission).
PII (Personal Identifier Information) includes full name, DOB (date of birth), SSN (Social Security Number), home address, alias names, DLN (driver’s license number) or any other identifying characteristics about a person. Most companies are already aware that they need to protect this information from outsiders infiltrating their systems, but may have ignored the substantial risk involved with personnel within their company. Keeping access on a “need to know” basis will help contain information and limit use of it only to those that need it to perform their job.
Take advantage of the ability to set up separate user accounts where personal data is stored. Control who can use particular databases and utilize different access/permission levels for individuals depending on their job need. Regularly review job descriptions to confirm who really needs access. As personnel and processes change, make sure passwords get changed and that you are always aware what needs to be restricted.
If you are disposing of any digital media or hardware, hire a company to perform full wipes. For company issued portable electronics, have the ability to remote-wipe the memory in case of theft or loss. Do not allow anyone to use personal devices for work related tasks and don’t share admin usernames and passwords.
When dealing with paper files, use good common sense: Lock file cabinets with keys issued only to authorized personnel. Keep a strict log for files and don’t allow them to leave the workspace. Instruct all staff that works with sensitive information to keep their desks clear of any files and to lock their drawers and cabinets when they are not at their desk. Anyone faxing pages containing PII must supervise the fax machine and remove any originals immediately. Shred all documents that contain PII – never throw intact documents in the trash or recycle bin.
Of course, limiting access in your company is only half the equation. Your staff that is entrusted with sensitive information needs to be thoroughly screened to reduce risk to your clients, your employees, and your company. For more information about choosing the right employees to protect your data, you can call Genesis Background Screening Services at 866 944-0041 ext 103, email firstname.lastname@example.org or visit www.genesisbackgroundscreening.com