Taking Steps to Protect Customer Data

Jessie Sight | Blog, Compliance

The FTC enforces the CAN-SPAM Act, which regulates compliance standards for sending commercial email. The FTC also protects consumers by enforcing against “unfair and deceptive trade practices.” Given the data breaches of the last few years, the FTC is concerned about consumers whose personal information has been hacked, leading to identity theft and other issues. It was ruled recently that the FTC has the authority to take action against companies that don’t secure sensitive customer data.

The FTC doesn’t have any formal cybersecurity standards yet, but it is likely that over the next year there will be more defined regulations regarding how to protect consumer information. This will affect all companies in our industry. Now, before such regulations take effect, is a good time to evaluate your current security practices and how you can keep your data as secure as possible. Understanding the way information flows through your system is key.

Even though the chances aren’t high that a hacker will target you specifically for your user information, malware on your computer or a compromise of your own information could also expose the information you store on your users. Here are some steps you can take now to protect your data and the users who have opted in to your list going forward:

  1. Understand what information you currently have.
    • What kind of information do you collect on users and how do you receive it? Your AdStation Integrated Agreement requires that you have, at a minimum, email address, IP address, opt-in date, and opt-in time. You could also have information like name, birthdate, address, and phone number.
      • Non-sensitive personally identifiable information is information that can be transmitted without harming the person.
      • Sensitive personally identifiable information could result in harm to the person if the information is hacked (for example, by leading to identity theft).
  2. Where do you store this information in your system and who has access to it? Ensure you are properly protecting the information you store. You need to understand the state of your network security and consider encrypting the user information you have. It is important to understand any vulnerabilities in your system that could allow an unauthorized person to access the information you store.
  3. How do you share this information? This should be outlined in your privacy policy. If you are sharing any sensitive personal information, it must be secured while it is being transported.

In 2016, it is highly likely you will see further guidance about data protection and security, whether from the FTC or Congress. Make it your New Year’s resolution to evaluate your current system and see where improvements can be made. Staying one step ahead when it comes to data security will put you at an advantage when guidelines are released, and will also protect you, your database, and your users in the event you are hacked.

For additional data security resources, check out the FTC links below:

About the Author
Jessie Sight

Jessie is the Compliance Lead for AdStation and is responsible for ensuring the channel and its partners remain compliant with industry regulations. She is a Certified International Privacy Professional (CIPP/US) based at the Kansas City headquarters.
