Protect Your Customers with this Data Privacy Checklist

September 5, 2019 Jerry Vasquez

In today’s climate, it is essential that your organization understands how to manage private data. Ignorance is no excuse, and even a single misstep could land you in hot water with regulators, the media, and your own clients. Use the following checklist to confirm that the protections you have in place are sufficient, and, where they are not, to see what needs to change.

  • I have drafted a privacy statement that is easy for consumers to read and understand. Within it…
    • I am transparent about the personal information my business collects from consumers.
    • I am transparent about how that information is used (for example, disclosure to third parties and secondary uses of personal data).
    • I have established defined rules regarding…
      • How data is used and disclosed
      • How long data is retained, and what happens to it when that period ends
      • How employees are advised and educated on data retention and protection
  • I know what data my business is responsible for, and my employees understand my business’ data protection guidelines.
  • If a consumer does not want my business to store or process their data, there are procedures through which they can obtain a copy of it and have it removed from my systems.
  • I know where data is stored and how it is secured.
  • I know which employees have access to that data.
  • I have ensured that these are solely employees that need to have access.
  • Where required, I have registered with the Data Protection Commissioner.
  • There is a defined set of security provisions in place for each set of data.
  • The employees responsible for these data sets have been briefed on said provisions.
  • All computers and databases where sensitive data is stored are…
    • Access-controlled (each user has an individual account with only the permissions their role requires)
    • Protected by strong authentication (a password alone is a weak control; add multi-factor authentication where the system supports it)
    • Encrypted at rest, with the keys stored and managed separately from the data
  • I have taken measures to secure my corporate network, such as…
    • TLS (commonly still called SSL) certificates, so that data in transit is encrypted (Liquid Web offers SSL options for encrypting your transactions online)
    • Firewalls
    • Strong authentication, such as multi-factor authentication
    • Secure VPN for remote access
    • Management/control of corporate devices (e.g. smartphones, laptops, tablets)
  • Data is regularly checked for accuracy, and time-sensitive data is regularly evaluated.
  • Data protection policies are regularly reviewed and re-examined.
  • Where relevant, I am fully compliant with regulations such as:
    • HIPAA
    • FISMA
    • PCI DSS
    • NERC CIP
    • PSQIA
    • PIPEDA
    • The EU General Data Protection Regulation (GDPR), which replaced the Data Protection Directive in 2018
    • SOX
    • GLBA
    • C-TPAT
  • My employees are fully educated on protecting private data, both their own and the data managed by my business.
  • My business is an open, public advocate for user privacy rights.
  • My business is transparent about government requests for user data.
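
Several items above ("I know which employees have access to that data", "these are solely employees that need to have access", "a defined set of security provisions for each set of data") are only true if you actually reconcile real grants against a least-privilege baseline on a regular schedule. The script below is an added example of that access review; it is not code from the original post or from Liquid Web. The employee roster, the role-to-store entitlement matrix and the snapshot of actual grants are constructed sample data, and the store, role and account names are made up for illustration. In practice the roster would come from HR or your identity provider and the grants from each system's own permission export.

```python
"""Access review: reconcile who CAN reach each sensitive data store against who SHOULD.

Added example, not code from the original post. The roster, the entitlement
matrix and the actual grants below are constructed sample data; in practice
the roster comes from HR / your identity provider and the grants from each
system's own permission export (database GRANT tables, share ACLs, IAM policies).
"""
from dataclasses import dataclass

# Constructed HR roster: each person's role and whether they are still employed.
EMPLOYEES = {
    "alice": {"role": "billing", "active": True},
    "bob": {"role": "support", "active": True},
    "carol": {"role": "dba", "active": True},
    "dave": {"role": "billing", "active": False},  # left the company; account should be gone
}

# Constructed least-privilege baseline: which roles genuinely need each data set.
ENTITLEMENTS = {
    "customer_pii_db": {"billing", "dba"},
    "support_tickets": {"support", "dba"},
    "payment_cards": {"billing"},
}

# Constructed snapshot of what the systems actually grant today.
ACTUAL_ACCESS = {
    "customer_pii_db": {"alice", "bob", "carol", "dave"},
    "support_tickets": {"bob", "carol"},
    "payment_cards": {"alice", "carol", "svc_backup"},
}


@dataclass(frozen=True)
class Finding:
    store: str
    user: str
    reason: str  # "unknown_account" | "terminated" | "no_baseline" | "not_entitled"


def review_access(employees, entitlements, actual_access):
    """Return one Finding per grant that the baseline does not justify.

    Each grant is checked in order of severity: an account nobody on the roster
    owns, an account belonging to someone who has left, a store with no defined
    baseline at all, then a role the baseline does not entitle.
    """
    findings = []
    for store, users in sorted(actual_access.items()):
        allowed_roles = entitlements.get(store)
        for user in sorted(users):
            emp = employees.get(user)
            if emp is None:
                findings.append(Finding(store, user, "unknown_account"))
            elif not emp["active"]:
                findings.append(Finding(store, user, "terminated"))
            elif allowed_roles is None:
                findings.append(Finding(store, user, "no_baseline"))
            elif emp["role"] not in allowed_roles:
                findings.append(Finding(store, user, "not_entitled"))
    return findings


def access_by_user(actual_access):
    """Invert store->users into user->stores so one person's full footprint is visible."""
    footprint = {}
    for store, users in actual_access.items():
        for user in users:
            footprint.setdefault(user, set()).add(store)
    return footprint


if __name__ == "__main__":
    for f in review_access(EMPLOYEES, ENTITLEMENTS, ACTUAL_ACCESS):
        print(f"{f.store:16} {f.user:12} {f.reason}")
    for user, stores in sorted(access_by_user(ACTUAL_ACCESS).items()):
        print(f"{user:12} -> {', '.join(sorted(stores))}")
```

Run against the sample data, the review flags bob's support account on the customer PII database, dave's lingering grant after he left, carol's DBA access to payment card data that only billing is entitled to, and an unrecognised `svc_backup` service account. Any store that appears in the grant export but has no entry in the entitlement matrix is reported for every user on it, because a data set with no defined baseline fails the checklist before you even look at who holds access. The per-user footprint view is what you hand to a manager during the review: people approve a person's total access far more carefully than a long list of individual grants.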
It is a long checklist, is it not? All the same, it is one that you should mark off in its entirety if you truly wish to say your organization is serious about data privacy. No one ever said it would be easy - but the trust you will foster with your customers (and the trouble you will avoid with regulatory agencies) is well worth the effort.

About the Author

Jerry Vasquez

A self-professed pirate captain with two decades of leadership experience, Jerry has led teams from 60+ cooks and chefs to 16 networking engineers in his current role as Liquid Web's Head of Network Operations and Platform. When not working or sleeping, Jerry can usually be found eating and having a good conversation with good people.
