Is Your Data Being Protected?

Data Privacy Day, led by The National Cyber Security Alliance (NCSA), is Saturday, Jan 28! This year’s theme is “Respecting Privacy, Safeguarding Data and Enabling Trust”. The mission of Better Business Bureau (BBB) is to be the leader in advancing marketplace trust, and one of our eight Standards for Trust is to “Safeguard Privacy”, so this theme goes hand in hand with ours.

All BBB Accredited Businesses are committed to these Standards, but not every business that a consumer deals with will be. That’s why it’s important for consumers to take the protection of their privacy into their own hands, and make sure the businesses that receive their data will safeguard it. The Federal Trade Commission (FTC) received nearly 500,000 complaints about identity theft in 2015. Making sure your personal information is protected is one of the best ways to prevent identity theft.

BBB encourages consumers to find out the answer to these questions before dealing with a business or entering information on a website. Businesses can use these questions as a framework for ensuring that they’re respecting the privacy and safeguarding the data of their customers:

  • Does the website have a privacy policy? The California Online Privacy Protection Act (CalOPPA) requires any commercial website or online service that “collects personally identifiable information through the Internet about individual consumers residing in California” to “conspicuously post its privacy policy on its Web site”. The policy must include what information is being collected and who it is shared with, along with other disclosures. Make sure any website that may be collecting your information has a privacy policy. If it doesn’t, not only are they breaking the law, they’re also probably not protecting your privacy.
  • How is your data being protected? Every business should have a data protection plan, and be open and transparent about it to their customers. A data protection strategy should detail how data is stored, the security of the storage system and how it’s backed up, recovered and moved. If you aren’t convinced by a business’ data protection or they aren’t transparent about it, don’t feel pressured to continue with the interaction.
  • What is being collected and shared? A website’s privacy policy should be clear about what data is being collected and shared. If you are dealing with a company offline, you’ll know what data you’re supplying them with. However, it’s important to ask if your data is being shared with vendors or partners, or if it’s being sold. Even if the original business is committed to protecting your privacy, their vendors may not be. After figuring out which entities your data is shared with, determine the security practices of those businesses as well.
  • Is the business PCI compliant? The PCI Security Standards aim to protect financial information and cardholder data. The Standards maintain that “payment security is required for all entities that store, process or transmit cardholder data”. Make sure that any business you supply financial information to is PCI complaint. If you’re a business that would like to become compliant, BBB has resources that can help you do so.
  • What will be done if your data is stolen? The Identity Theft Resource Center’s 2016 Data Breach Report includes more than 1,000 breaches that exposed more than 36 million records. Every business should have a plan to prevent data breaches. Additionally, the business should have a plan detailing what they will do if a data breach does occur. What measures do they have in place to detect a breach? If a breach is detected, what’s their communication plan for notifying customers? Will they attempt to investigate the breach and mitigate the damage? If you’re concerned that your personal information has been compromised by a data breach, you can find tips and suggestions at org/breach.

Rebecca is the Community Outreach Coordinator for BBB serving the San Francisco Bay Area and Northern Coastal California. She works to advance BBB’s vision of an ethical marketplace where buyers and sellers can trust each other. She does this by developing content such as blog posts, press releases, newspaper columns, and PSAs to educate businesses and consumers. Rebecca also represents BBB at community events.

Tagged with: , , , , , , , , ,
Posted in Computers - Internet - Privacy, Consumer Tips, Consumer/Business Services

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: