Privacy

Back in 2005, headlines around the country trumpeted the news that private information on 163,000 people had been stolen from Choicepoint, a data services company. Consumer concerns bout identity theft spiked and Choicepoint was held up as an example of everything that was wrong with data security. That was then.

Today, the company has become what one expert from Gartner called “a role model for data security and privacy practices.” Earlier this year, Daniel Lemecha, ChoicePoint’s chief information officer and senior vice president spoke at the 2007 IDC IT Forum & Expo in Boston about what Choicepoint learned from its experience.

Lemecha’s speech isn’t available online, but he made several recommendations about data security that are valid for you, even if you’re not large data services company. Here they are.

“Clearly define expected behavior and provide tools to simplify compliance for employees.”

Make sure you tell people who handle sensitive information for you what they’re expected to do. Check regularly to see that they’re doing it.

“Create data breach response policies and procedures: Who should be contacted in the event of a breach, and what should the company do for affected customers?”

I’d add one more thing. Develop some standards for when an employee should […]