With the passage of several data protection and privacy laws, both domestically and abroad, businesses should prepare for a federal privacy law that may be on the horizon. Writing for In Business, Scott Bennett outlines actions companies should take to assure customers everywhere that their information is secure.
Scott says three steps are of paramount importance:
- Create and/or update privacy policies – Organizations must have an easily accessible policy that outlines how they keep their customers’ information secure, what they do with it and how long it is kept. Template policies are a good place to start, but companies should tailor them according to their practices.
- Establish data mapping protocols – Data mapping examines all data a company collects, where it is located and what is needed. Compliance, security, IT and marketing departments should all be part of this process.
- Minimize data collected and keep only what is needed – By collecting and keeping the minimum necessary information, companies can reduce risk. A document retention policy can improve data minimization.
A leading attorney representing hospitals and healthcare providers, Scott brings extensive knowledge related to data privacy and security, particularly when it comes to HIPAA and protecting sensitive healthcare information. Scott assists clients in complying with federal, state, and international data privacy laws, and in responding to data breaches.