Friday, October 2, 2009

How to Protect Personal Data

You need to have a methodology for protecting both your electronic data and any physical records you have.

The best way to protect physical (hardcopy) files is to lock file cabinets and restrict access to only those who need it. You also need to protect against outsiders viewing the files, whether through a break-in or because files were left open on a desk where the public can see them.

Protecting your computer files is difficult. If you are connected to the Internet, you are vulnerable to any number of attacks. Hackers are constantly trying to break into computers. Robot programs exist that spend all their time trying to break passwords and access computers hooked to the Internet. The popular thumb drives are dangerous. They are easy to lose and, if lost, work on any computer. You need to make sure that everything stored on the drive is encrypted, and that the encryption key is not kept on the thumb drive itself.

Laptops are also dangerous. If you lose a laptop, it is easy for someone to take the hard drive out and put it into another computer, even if the laptop is protected by a password. Remember, the hackers are smarter than you when it comes to computer security. Use the tools that are available to you.

You should have a firewall between your computer and the Internet, and highly secure passwords to access the computer and key programs. The password should be a combination of letters, numbers and symbols that has no meaning in any dictionary in the world (good luck on this one). Personal information should be encrypted. A lot of computer consultants are going to make a lot of money with this one.

The key is to put a plan into place that protects the information you gather from unauthorized use.

There are heavy penalties for failing to put a program into effect and for the failure to notify the proper authorities if a breach occurs. For most small businesses, the penalties would probably put them out of business. These can include having an injunction taken out against you, restitution, civil penalties, and the cost of the investigation. A civil fine of up to $100 per data subject affected and $50,000 for each instance of improper disposal will be imposed.

There is much more that can be said about the new law. Do you have any experience with identity theft and any tips on protecting data?

I wonder if the rush to protect this information will produce the same yawn and ho hum reaction as Y2K.