Concerns over data security are heating up across the country. Make sure you’re doing what you can to keep from landing on the wrong side of a data breach charge.
Data security and privacy issues could well move to the front burner on Capitol Hill this year. Several bills were introduced during the last legislative session, including The Commercial Privacy Bill of Rights Act, which would set minimum standards for disclosing what data you collect and for what purposes. Another, the Data Security and Breach Notification Act, focuses on the data protection side on behalf of consumers.
There’s no need to wait for lawmakers to pass new measures. Using the NAR Data Security and Privacy Toolkit, you can create your own security and privacy system. The kit will help you draft a program that follows best practices while meeting the needs of your business.
- Know the Laws. The toolkit contains a list of laws by state that require notification of security breaches involving personal information. More than half the states also have laws on how to properly dispose of data in order to protect an individual’s privacy. Those are listed as well.
- Take Inventory and Purge. Take time to conduct an inventory of what you’re collecting and why you’re collecting it. Then pare down your data needs to a minimum, and aim to keep what you’ve collected for the shortest span of time necessary. If you obtain a client’s bank account number in the course of a transaction, delete the number from your records once the transaction is closed and you no longer have an essential business reason to hang onto it. The fewer pieces of sensitive data you possess, the better.
- Visit the FTC Web site. Check your policies against a set of best practices from the Federal Trade Commission. These include the need to create clear, written security policies and lock up what you collect (both digitally, using firewalls and passcodes, and physically, within filing cabinets). By following the FTC’s recommendations, you’ll have your system covered.