The FTC has released a publication to help companies protect personal information, titled "Protecting Personal Information: A Guide for Business".

The 28-page guide, available for download (PDF) or order, offers suggestions to help protect sensitive data and prevent a data breach.

The Guide is based on 5 key principles:

  1. Take stock. Know what sensitive information you have, where it is, and who has access to it
  2. Scale down. Keep only what you need for your business
  3. Lock it. Protect the information you keep
  4. Pitch it. Properly dispose of what you no longer need
  5. Plan ahead. Create a plan to respond to security incidents

I think the Guide is incredibly useful to help assess your security vulnerabilities. Just taking stock can be quite complicated. You need to assess every place sensitive information could be stored, how you get sensitive information (web forms, paper, email) and from whom (banks, customers, partners), and where each type of information will be stored. It’s a hefty task.

The ‘lock it’ principle is a long section, outlining general network security, password management, laptop security, firewalls, wireless & remote access, employee training, and detecting breaches.

The Guide is well laid out and is great for companies of any size.
