Collecting personal financial information from your customers brings with it a responsibility to protect that information. In this age of identity theft, an important part of your customer service is to ensure that the personal information you receive is protected. Whether it’s a social security number or credit card information, your customer is entrusting you with their financial well-being by giving you the information.
By creating policies about how you handle customer data, you not only protect your clients but you also limit liability for your business. Identity theft is a growing problem and you don’t want to be accused of being the source of an information leak that compromises someone’s financial security.
Where to Begin
The starting point for creating an effective policy is to identify the types of information you collect, who has access to it, how long you keep it, where you store it (in either hard copy or electronic format) and finally, how and when you destroy it.
Businesses of all sizes need to protect their client’s information. Whether you’re a real estate salesperson who takes a credit application for a lease, an employer with a drawer full of employment applications, a mortgage broker who has dozens of loan applications floating around your desk, or a retailer who accepts credit cards, you need to be aware of what happens to the information you collect and be proactive about securing it in order to protect your business.
Privacy is a hot topic these days. Medical offices are subject to the HIPPA rules which have stringent requirements about disseminating anything in a patient’s file; the Federal Trade Commission (FTC) enforces the Disposal Rule which covers businesses who use consumer reports in any capacity; the Gramm-Leach-Bailey Act covers financial institutions; and the IRS is even studying how accountants protect their clients’ social security numbers.
Even if your particular business is not covered by a specific regulation, it’s a good risk management practice to make certain you maintain control over any personal information you collect and safeguard it appropriately.