Published by the Small Business Committee:
Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees. This information often is necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business.
Some businesses may have the expertise in-house to implement an appropriate plan. Others may find it helpful to hire a contractor. Regardless of the size—or nature—of your business, the principles in this brochure will go a long way toward helping you keep data secure. A sound data security plan is built on 5 key principles.
1) Take Stock – Know what personal information you have in your files and on your computers.
2) Scale Down – Keep only what you need for your business.
3) Lock It – Protect the information that you keep.
4) Pitch It – Properly dispose of what you no longer need.
5) Plan Ahead – Create a plan to respond to security incidents.
For access to checklists to see how your small business “measures up,” visit: https://smallbusiness.house.gov/uploadedfiles/2_protecting_personal_information.pdf.