Guide to secure data storage

Data has become one of the most valuable and tradable currencies in the world.  It is no surprise then, that it has also become the favorite target of some scary people. This makes secure data storage more important than ever.

Data that must be stored securely includes:

1. Personal identification information (PII). Names, date of birth, social security numbers, addresses, phone numbers, and more.
2. Financial data like credit card numbers, bank account information, and tax records of your employees, customers, and others.
3. Health information like medical records, prescription information, insurance details, biometrics, and genetics.
4. Other sensitive data about people’s race or ethnic origin, religion, education, political affiliations, sexual orientation, criminal history, and trade union or association memberships.
5. Confidential business information and intellectual property such as patents, trademarks, trade secrets, and financial reports.
6. Government information such as classified documents and sensitive national security information.
7. Legal information such as confidential client information and attorney-client privilege communication.

Most of us do not store classified government documents. However, we do accumulate plenty of personal, financial, health, and other sensitive data about our customers and others. For this article, we’ll be focusing on how you should store personal and sensitive data belonging to other people. Especially your customers. However, the storage guidelines we’re about to discuss for customer information can be applied to many types of data.

The first thing you should consider is whether you should collect the data at all. Minimizing the data you collect in the first place is a great way to save time, and reduce storage costs and liability. Once you have the data consider if you really need to store it. Keep personal data only if necessary for the purpose for which you collected it. Avoid storing unnecessary or sensitive data.

Make sure you have the appropriate consent or another legal basis for collecting and storing personal data. Privacy laws also require you to take reasonable “technical and organizational” measures to protect sensitive data. Start protecting the data from the time you request or receive it. Then, you must continue to protect the data for as long as it remains in your storage.

Specific requirements for secure data storage may vary depending on the type of data being stored and the laws and regulations that apply to you. But here are some solid guidelines on how to store customer data securely. Make sure you do these 5 things:

1. Choose a secure storage method. Store personal data in a secure location, such as an encrypted database, a password-protected file, or secure cloud storage service.
2. Keep backups and perform updates. Make regular backups of your data and store them in a secure location to ensure that you can recover the data in case of loss or corruption.
3. Limit access. Only give access to personal data to those who need it for legitimate business purposes. Keep track of where personal data ends up, who accesses it, when, and for what reason.
4. Use strong passwords. Educate your team on how to create strong passwords to keep unauthorized persons from getting into their work accounts. Change all your passwords regularly.
5. Protect your work devices. Prevent theft or damage by keeping your phone and computer in a safe place when you are not using them. Use lock screens and passwords to prevent unauthorized access. Keep physical files behind locked doors.

Finally, audit yourself by checking up on all of the above from time to time. Are your policies still appropriate for the types and amounts of personal data that you store? Does everyone on your team understand and follow your security rules? Check your systems to make sure everything is working properly. Fix any vulnerabilities.

Not everyone on your team needs access to all personal data. However, data should be easily accessible to someone who can check to make sure it is up-to-date. This should be done regularly. Review and update customer data to ensure that it is accurate. You will also need someone to access it quickly to respond to data requests.

Most companies already have years and years’ worth of personal data scattered around in different storage locations and emails. Where do you store personal data? Use DataMapper to find out where your data is, how old it is, who has access to it, and whether it is safe.