Is Your Data Being Protected?

Better Business Bureau

Not every business that a consumer deals with will be committed to protecting their personal information. That’s why it’s important for consumers to take the protection of their privacy into their own hands, and make sure the businesses that receive their data will safeguard it. The Federal Trade Commission (FTC) received nearly 500,000 complaints about identity theft in 2015. Making sure your personal information is protected is one of the best ways to prevent identity theft. 

BBB encourages consumers to find out the answers to these questions before dealing with a business or entering information on a website. Businesses can use these questions as a framework for ensuring that they’re respecting the privacy and safeguarding the data of their customers:

  • Does the website have a privacy policy? The California Online Privacy Protection Act (CalOPPA) requires any commercial website or online service that “collects personally identifiable information through the Internet about individual consumers residing in California” to “conspicuously post its privacy policy on its Web site”. The policy must include what information is being collected and who it is shared with, along with other disclosures. Make sure any website that may be collecting your information has a privacy policy. If it doesn’t, not only are they breaking the law, they’re also probably not protecting your privacy.
  • How is your data being protected? Every business should have a data protection plan, and be open and transparent about it to their customers. A data protection strategy should detail how data is stored, the security of the storage system and how it’s backed up, recovered and moved. If you aren’t convinced by a business’ data protection or they aren’t transparent about it, don’t feel pressured to continue with the interaction.
  • What is being collected and shared? A website’s privacy policy should be clear about what data is being collected and shared. If you are dealing with a company offline, you’ll know what data you’re supplying them with. However, it’s important to ask if your data is being shared with vendors or partners, or if it’s being sold. Even if the original business is committed to protecting your privacy, their vendors may not be. After figuring out which entities your data is shared with, determine the security practices of those businesses as well.
  • Is the business PCI compliant? The PCI Security Standards aim to protect financial information and cardholder data. The Standards maintain that “payment security is required for all entities that store, process or transmit cardholder data”. Make sure that any business you supply financial information to is PCI compliant.
  • What will be done if your data is stolen? The Identity Theft Resource Center’s 2016 Data Breach Report includes more than 1,000 breaches that exposed more than 36 million records. Every business should have a plan to prevent data breaches. Additionally, the business should have a plan detailing what they will do if a data breach does occur. What measures do they have in place to detect a breach? If a breach is detected, what’s their communication plan for notifying customers? Will they attempt to investigate the breach and mitigate the damage? If you’re concerned that your personal information has been compromised by a data breach, you can find tips and suggestions at