Lock up sensitive paper files. Protect client and patient files, private company data and anything that is not for public view by storing them in a locked cabinet.
Restrict access to private data. Establish written documentation related to who can have access to restricted information, in both electronic and physical forms. Establish passwords that are only known by individuals who need access to these files. Paper documents should be locked with keys given to those who are approved to see the files, or a gatekeeper who can provide access.
Get rid of information you don’t need. Store your customers’ personally identifiable information (PII) as long as it’s legally required. Understand the regulations and laws about securely storing and discarding PII.
Secure your premises. Install an alarm system that alerts law enforcement officers of a break-in. Video surveillance equipment and motion-sensitive cameras offer a higher level of protection, as will security guards and random security patrols.
Require non-employee guests to sign in. Before entering your office, all visitors should show identification and sign in at a reception desk. That includes vendors, customers and prospective employees. Keep guests from areas that are restricted—meet in a public conference room.
Screen all employees. In addition to conducting a background check on all employees, especially those who will have access to sensitive information. That includes cleaning crews, technicians and temporary employees. All employees should also sign a confidentiality agreement prior to their first day on the job.
Establish data protection protocols. Distribute data protection protocols to all employees. Review and revise these practices on a regular basis, at least annually. Communicate protocol changes to employees.
