Safeguarding customer information policy
Data breaches can cost companies tens of thousands of dollars or more and can pose a significant risk to company operations and reputation. Customer information is usually one of the favorite targets of hackers as it entails confidential details which can be used to commit property or identity theft. Even innocent mistakes such as a lost mobile device which contains (or provides access to) customer information can wreak havoc.
With this in mind, it’s important to establish sound principles for safeguarding customer information. The purpose of this policy from TechRepublic Premium is to establish standards for developing and implementing administrative, technical and physical safeguards to protect the security, confidentiality and integrity of customers’ proprietary information and consumer information.
This policy can be customized as needed to fit the needs of your organization.
From the policy:
The IT department/department of security will be responsible for planning, implementing and maintaining protective measures for information security.
Because data is collected, processed and managed in different ways based on department functions, management within each line of business is responsible for working with the IT department/department of security to develop and implement appropriate department-specific procedures to comply with this policy.
In addition, it needs to:
- Ensure the security and confidentiality of customer information and consumer records and information.
- Protect against any anticipated threats or hazards to the security or integrity of such information.
- Protect against unauthorized access to or use of such records or information.
- Ensure ownership and accountability for compliance per application.