TRUSTe, a non-profit online privacy group, issued its first set of data security guidelines Monday to help companies, small and large, evaluate new or existing policies for protecting consumer and employee personally identifiable information. These guidelines are available as a resource for companies that hold TRUSTe's Web and other members of the public.
The increased threat of attacks, lost backup data and reports of outright consumer-information theft have made data privacy a major trust issue in business-consumer relationships.
The company says it developed these guidelines for any company interested in establishing trust with online customers who are concerned about their privacy and the use of their personal information.
What Every Company Needs to Know
TRUSTe suggests ten "high-level" requirements every company should consider to protect its customers' personal or sensitive data:
- A company-wide data security policy and employee training program
- Internal control over the collection, use and sharing of confidential or private data
- Access procedures that are based on an individual's "need to know"
- Internal control over the management of third-party vendor or outsourced relations
- Administrative control and physical security
- Perimeter controls, such as firewalls and VPN
- Encrypt sensitive data when transmitting across public networks, especially when using wireless or Bluetooth technologies
- Updates for anti-virus software and security patches
- Identity management and authentication procedures (when feasible)
- Regular tests and monitoring
"Direct and open communication between the privacy and security groups within an organization is critical to data protection. The TRUSTe Security Guidelines provide an excellent framework to facilitate discussions and help ensure that the security aspects of privacy protection are addressed both internally and externally," said Tess Koleczek, chief privacy officer at E-LOAN, in a written release. "TRUSTe helps companies address both the technological and cultural steps that a company can take to make its data more secure."
TRUSTe said it devised the recommendations using a combination of intensive research and its years of experience in digital commerce, and that the guidelines apply to a wide range of business environments.
"Security practices are not 'one size fits all,'" said Fran Maier, executive director of TRUSTe. "Factors such as a company's size and complexity, industry category, sensitivity of data collected, number of customers served and use of outside vendors can have a dramatic impact on the steps companies should and can take to protect information. These guidelines lead businesses several steps down the road to making the serious decisions needed to provide a well-guarded home for personal information."
The guidelines are designed to evolve and reflect emerging technologies and business issues that impact the safety, security and quality of sensitive or confidential information used by online companies. These guidelines also provide resources to help companies take the final policy and technical steps in building their security systems.
You'll find the full set of guidelines on TRUSTe's Web site.
Adapted from ECommerce-Guide.com, part of internet.com's Small Business Channel.