Taking Steps to Protect Customer Data
The FTC enforces the CAN-SPAM Act, which regulates compliance standards for sending commercial emails. The FTC also protects consumers by enforcing “unfair and deceptive trade practices.” With all of the recent data breaches over the last few years, the FTC is concerned about the consumers whose personal information has been hacked, leading to identity theft and other issues. It was ruled recently that the FTC has the authority to take action against companies that don’t secure sensitive customer data.
The FTC doesn’t have any formal cybersecurity standards yet, but it is likely over the next year there will be more defined regulations regarding how to protect consumer information. This will affect all companies in our industry. Before this goes into effect is a good time to evaluate your current security practices and how you can keep your data as secure as possible. Understanding the way information flows through your system is key.
Consider that even though the chances aren’t high a hacker is going to target you specifically for your user information, malware on your computer or getting your information hacked could also expose the information you store on your users. Here are some steps you can take now to protect your data and the users who have opted into your list going forward:
- Understand what information you currently have.
- What kind of information do you collect on users and how do you receive it? Your AdStation Integrated Agreement requires that you have, at a minimum, email address, IP address, opt-in date, and opt-in time. You could also have information like name, birthdate, address, and phone number.
- Non-sensitive personally identifiable information is information that can be transmitted without harming the person.
- Sensitive personally identifiable information could result in harm to the person if the information is hacked (that could lead to identity theft).
- Where do you store this information in your system and who has access to it? Ensure you are properly protecting the information you store. You need to understand the state of your network security and consider encrypting the user information you have. It is important to understand any vulnerabilities in your system that could allow someone unauthorized to access the information you store.
In 2016, it is highly likely you will see further guidance about data protection and security, whether from the FTC or Congress. Make it your New Year’s resolution to evaluate your current system and see where improvements can be made. Staying one step ahead when it comes to data security will put you at an advantage when guidelines are released, and will also protect you, your database, and your users in the event you are hacked.
For additional data security resources, check out the FTC links below: