Data Privacy Day, led by The National Cyber Security Alliance (NCSA), is Saturday, Jan 28! This year’s theme is “Respecting Privacy, Safeguarding Data and Enabling Trust”. The mission of Better Business Bureau (BBB) is to be the leader in advancing marketplace trust, and one of our eight Standards for Trust is to “Safeguard Privacy”, so this theme goes hand in hand with ours.
All BBB Accredited Businesses are committed to these Standards, but not every business that a consumer deals with will be. That’s why it’s important for consumers to take the protection of their privacy into their own hands, and make sure the businesses that receive their data will safeguard it. The Federal Trade Commission (FTC) received nearly 500,000 complaints about identity theft in 2015. Making sure your personal information is protected is one of the best ways to prevent identity theft.
BBB encourages consumers to find out the answers to these questions before dealing with a business or entering information on a website. Businesses can use these questions as a framework for ensuring that they’re respecting the privacy and safeguarding the data of their customers:
- How is your data being protected? Every business should have a data protection plan, and be open and transparent about it to their customers. A data protection strategy should detail how data is stored, the security of the storage system and how it’s backed up, recovered and moved. If you aren’t convinced by a business’ data protection or they aren’t transparent about it, don’t feel pressured to continue with the interaction.
- Is the business PCI compliant? The PCI Security Standards aim to protect financial information and cardholder data. The Standards maintain that “payment security is required for all entities that store, process or transmit cardholder data”. Make sure that any business you supply financial information to is PCI compliant. If you’re a business that would like to become compliant, BBB has resources that can help you do so.
- What will be done if your data is stolen? The Identity Theft Resource Center’s 2016 Data Breach Report includes more than 1,000 breaches that exposed more than 36 million records. Every business should have a plan to prevent data breaches. Additionally, the business should have a plan detailing what they will do if a data breach does occur. What measures do they have in place to detect a breach? If a breach is detected, what’s their communication plan for notifying customers? Will they attempt to investigate the breach and mitigate the damage? If you’re concerned that your personal information has been compromised by a data breach, you can find tips and suggestions at org/breach.