Many organizations are either not aware of these regulations or don’t know how to effectively address this issue. Yet this does not excuse them from complying with these requirements. Here are seven best practices in how to meet data encryption and privacy breach notification laws and implementing a secure environment for private data.

1. Use Encrypted Transfer Methods

Identify acceptable methods of transferring or communicating private data. Only transmit private data electronically via encrypted channels. Standard email and ftp systems do not have security measures or encryption, nor does instant message clients.

2. Track All Access to Private Data

Implement systems for auditing and tracking all access and communication of private data, including the ability to detect and report incidents of unauthorized access. You should be able to know exactly who accessed private data, what data was accessed, and when it was accessed.

3. Physically Protect Where Data is Located

Lock and password-protect unattended computers or other data storage media containing private data, even if the user is away for a few minutes. This is especially critical if the storage media is in a location that is accessible by the public.

4. Establish Protection Safeguards

Protect your organization against malware, viruses, network breaches, etc., by installing and updating anti-virus software on all computers, restricting the use of non-approved file sharing or P2P programs or even certain websites, setting up firewalls, closing commonly open ports to your IT infrastructure, etc.

5. Manage User Profiles

Centrally monitor user IDs, passwords, and access levels to private data. For example, terminated employees should have their IDs and access immediately blocked or disabled. Larger firms typically utilize an active directory server to easily manage user profiles.

6. Select Reliable Solution Vendors

If you are using a solution from a third party service provider to transfer or store private data, stick to those that have a track record for reliability and strong industry reputation for supporting data security. SAS70 certification, service level agreements (SLAs), and an established presence in your industry are good indicators of a trustworthy and reliable service provider.

7. Train Your Staff on Security Guidelines

Having a comprehensive security policies program is useless if your employees do not know about it or abide by it. Communicate and train your staff on proper security procedures, including educating users about phishing scams and not clicking or opening suspicious emails or links, keeping passwords in a safe location (a post-it note on your desk is NOT secure), making sure that laptops or laptop bags are not left in open view in cars or unattended locations, etc.

How LeapFILE can Help

Connect with us to learn more about how LeapFILE's secure file transfer & collaboration solutions can resolve data security compliance issues, get updates on data security regulations and join others in discussions for compliance best practices!

Find out how LeapFILE can help you here.