National Consumer Protection Week 2014: Small Business Data Privacy

March 03, 2014

Your Better Business Bureau is celebrating National Consumer Protection Week by providing useful tips each day to avoid scams and be the smartest consumer on the block. Go to, like us on Facebook, or follow us on Twitter to check out our tips each day!

In today’s world, technology is king. In order to be more streamlined and efficient, more consumers and companies are conducting their business online. As online commerce increases, so does the need to protect not only your business’ data privacy, but more importantly the privacy of your consumers.

BBB encourages businesses to follow BBB’s Code of Business Practices, which includes ‘Safeguarding Privacy.’  By protecting data collected and only collecting personal information as needed, it shows a respect for your customers.

Since the lock on a file cabinet is no longer enough to protect valuable information, your BBB has tips to help.

Determine what makes sense for your type of business. This will be based on the type of data that you collect and store, and the kind of resources you have managing that data. If your business keeps information about customers in several formats (e.g., on paper, on computers, and online), you should sit down with a team of your employees — an IT person, office manager, etc. — and discuss these issues together to make sure you consider all viewpoints.

Inventory your data with the following:

  • The type of data you collect, store and/or transmit.

  • How you store your data.

  • Where you store your data for each type and format of customer information.

  • How data is moved and who has access to it.

  • Inventory the data controls you have in place, or don’t have in place.

  • And finally, take into consideration your type of business, and the stationary and portable tools your employees use to do their jobs.

These steps will help you begin to identify the potential ways that sensitive data could be inadvertently disclosed. If you think you need outside help to identify potential leak points, consider consulting with a data forensics team, your bank or the processor that provides your merchant account services.

Evaluate different security methods. Brainstorm different types of security procedures and think about whether they make sense for the type of information you maintain, the format in which it is maintained, the likelihood that someone might try to obtain the information, and the harm that would result if the information was improperly obtained.

Write it down. Type up the checklists you’ve created, the security measures you are taking, and an explanation for why these security measures make sense. Congratulations — you've just created the foundation of your written security policy!

BBB also recommends as a best practice holding regular training sessions for new hires and current employees alike. Helpful and vital topics would include: the importance of diversifying passwords, only using secure websites and being vigilant of phony emails and phone calls when using company devices.