Don’t let a natural disaster become a data security calamity

Share This Page

A natural disaster can wreak havoc on any business. But it’s even worse when that real-world catastrophe becomes a data security calamity.

Before the summer storm season arrives, get your business ready. Just like you gather flashlights, bottled water, and emergency supplies, you can prepare your business by reviewing data retention and disposal practices.  

Why are data retention practices important? As Bob Dylan said, “the answer, my friend, is blowin’ in the wind.” Remember the Brooklyn warehouse fire, where media reports indicate that medical records (including drug tests), bank checks, and Social Security numbers were strewn about the neighborhood. Or tornados in the Midwest which literally blew away sensitive personal information, sometimes even across state lines. 

No one wants that to happen to their business. Of course, you can’t stop a hurricane or tornado. But while the sun is still shining, you can reduce the risk to customers and employees by safely disposing of paperwork you no longer need. The last thing you want is old records, that you should’ve securely destroyed years ago, blowing in the wind. If you hold onto only what you really need, it’s easier to keep it safe – and there’s less to lose in a natural disaster.

To prepare your business, review these data minimization and disposal tips:

  • Take stock. Create an inventory of the personal information you have. That way, if your files are destroyed or lost in a natural disaster, you’ll know what information is involved.
  • Scale down. Collect only what you need. For example, if there’s no business reason why you have to have someone’s Social Security number, don’t ask for it in the first place. Keep records only as long as you have a reason to maintain them. Don’t hold onto customer credit card information unless you have a business need for it.
  • Lock it. Store personal information in the safest part of your building. If information is missing after a natural disaster, contact law enforcement. If possible – this is where your inventory helps – contact affected individuals so they can place a fraud alert on their credit reports. 
  • Pitch it. Properly dispose of what you no longer need. Shred, burn or pulverize paper records before discarding. If you use consumer credit reports for a business purpose, you may also be subject to the FTC’s Disposal Rule. For more information, see Disposing of Consumer Report Information? Rule Tells How.

To learn more about how your business can protect personal information, consult the FTC’s Protecting Personal Information: A Guide for Businesses and the Business Center data security site. And if you want to provide helpful information to your employees or customers after a natural disaster, consider sharing the FTC’s Dealing with Weather Emergencies.  

 

Comments

please keep up the good work I'm loving it.

keep up the good work this website is amazing

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.