Handling Sensitive Customer Data

According to Medium, an average company has 534,465 files containing sensitive customer information. The amount is staggering for two reasons: 

1. Often, companies do not need as much information as they collect. 
2. Frequently, businesses neglect to ensure the data are stored and processed in a secure, leak-proof environment. 

96% of American consumers agree companies should take more measures to ensure the safety of their data. But how? What are the main steps on the way to handling sensitive customer data? 

What Is Sensitive Data?

Sensitive data or information is information that must be stored, processed, removed, and kept with utmost care and distributed strictly on the Need To Know basis. PII (personal identifiable information), credit card information, home addresses, tax information, emails, and so on are all sensitive customer data.

Access to sensitive data should be restricted, documented, observed and described in Privacy and Information security policies and directives. 

Handling Sensitive Data: Best Practices

1. Develop a clear privacy policy

According to Businesswire, only 21 percent of customers trust global brands to keep their data secure. Around 31 percent of customers claim they regularly monitor the news of breaches that might involve their data, which they shouldn’t have to do in the first place.

The level of brand trust can be elevated by developing and sharing a clear, well-structured, and detailed Privacy Policy that should describe: 

• The process of collecting sensitive data — there are several ways to collect customer information: by asking customers directly, by tracking customers indirectly, and by getting customer data from third parties. 
• Where the data are used — marketing, research, up-sales, or any other purposes the data can be used for should be clearly described.
• Who has access to the data — who can access the data and what security measures do they take to protect them?
• How the data are disposed of — which procedures mark the data lifecycle, and is the process of deleting the data safe?

Including these points into the policy, and making sure all customers can easily find it, is the first step on the way to forming customer data trust. 

2. Only collect what you need

Too often, we see sign-up forms like this:

35.9 percent of respondents say they do not trust brands because they request too much information. There is also no clear picture as to what these data are used for in the future. 

Collecting only the required sensitive data will elevate the level of trust among consumers. The less information is collected, the less likely the data leak is. 

3. Test for breach risks

All processes connected to sensitive data require testing due to the consequences that can follow a breach. 

Penetration testing is one of the most popular techniques. It is a simulation of a cyberattack, and it can help see weak points and bottlenecks of the entire security system. 

Running frequent or at least regular penetration testing does not substitute right preventative measures, but should become an addition to them. 

4. Protect information by encryption 

Encryption is the oldest and easiest way to protect data. 31 percent of companies admit to encrypting their data at rest on their corporate PCs. All best practices of information security require you to encrypt sensitive data. For information encryption, you may choose one of the four most common encryption methods: 

• Advanced Encryption Standard or AES — the most popular encryption for data at rest and in transit. 
• Rivest-Shamir-Adleman or RSA — the asymmetric algorithm based on the factorization of the sensitive data of two large prime numbers. 
• Triple DES or Data Encryption Standard — a symmetric algorithm used for encrypting ATM PINs. The algorithm is applied to each 56-bit block of data three times. 
• Twofish — encrypts data in 16 rounds, no matter the size of the key. 

Do not forget to develop the procedure for encryption key management. 

Proper encryption will help keep customer data secure. The only things left to remember are regular updates of the policies and regular tests of data decryption.  

5. Dispose of what you don’t need or use properly

There are plenty of reasons to dispose of sensitive data — customers churn, privacy requirements change, going out of business. 

Disposal of information includes several steps: 

Electronic information	Non-electronic information
Wiping hard drive after moving the information to the bin	Destroying documents with sensitive information
Secure erase with obligatory overwrite
Third-party services might be used if hard disk destruction is necessary

Notify customers about the disposal of their information and provide evidence of such disposal. 

Even when deleting the information — customers always come first.

6. Always be prepared

A ransomware attack takes place every 11 seconds. Around 20 DDoS attacks take place every minute. 

Any system can become a target for cybercrime. The only way to prevent leaks of sensitive data is to implement multilevel protection measures and to follow all security protocols to a T. Following up with the latest trends in the industry is also important to stay on top of the game. 

Security and SupportYourApp

The entire team of SupportYourApp is invested into keeping all our systems safe and secure. We are PCI DSS Level 1 Service Provider and ISO 27001 certified, as well as GDPR-, CCPA-, and HIPAA-compliant. We go through constant security training and provide the most secure Support-as-a-Service services to our clients’ customers. 

If you want to find out more about our services, message us at [email protected], and we’ll get back to you soon. 

❤︎ Like it? — Share: Share on LinkedIn or Share on Facebook