Data breaches can cost companies tens of thousands of dollars or more and can pose a significant risk to company operations and reputation. Customer information is usually one of the favorite targets of hackers as it entails confidential details which can be used to commit property or identity theft. Even innocent mistakes such as a lost mobile device which contains (or provides access to) customer information can wreak havoc.
With this in mind, it’s important to establish sound principles for safeguarding customer information.The purpose of this policy from TechRepublic Premium is to establish standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customers’ proprietary information and consumer information.
This policy can be customized as needed to fit the needs of your organization.
From the policy:
The IT department/department of security will be responsible for planning, implementing, and maintaining protective measures for information security.
Because data is collected, processed, and managed in different ways based on department functions, management within each line of business is responsible for working with the IT department/department of security to develop and implement appropriate department-specific procedures to comply with this policy.