How are you protecting customer data?
Grant sensitive data access only to the people who need it to perform their jobs. Review the list of people with access regularly to account for people changing roles. This is especially important for engineers with administrative access to your infrastructure, as well as former vendors and consultants.
Team collaboration tools often have default settings that allow everyone in your organization to access all content. The risk? Sensitive data such as member lists, email addresses, or resumes may be easily available to more people than you think.
Data is often handled and stored in multiple formats and countries, and by multiple parties.
Make sure you understand how your data will be handled, including any profile-building, sharing or selling. Common outsourced services include: recruitment, payroll, benefits, emails, surveys, donations and customer support. And these services may use other companies to host your data.
Employees who work in HR may handle sensitive personal data in several locations, including paper, local desktop computers, shared online drives and third-party platforms.
Appropriate security will depend on the type of data you have, where it’s located and what your resources are. It also includes managing the vendors and consultants who provide your outsourced services.
Data can be compromised in many ways. Understanding the facts and making decisions in a timely manner is often an unexpected and resource-intensive effort.
Depending on the problem and risk it creates, you may also need to notify the people impacted or their governments.
A basic incident response plan should identify how incidents are reported and escalated for appropriate review. This includes incidents identified by employees, customers, and vendors.