Regardless of your opinion concerning Microsoft, there is a wealth of useful information on their websites. I came across the following article and thought it was especially useful.
Get serious about privacy: 6 tips for small businesses
Pay close attention to the very first tip listed, “Take inventory of the personal information you collect and store”. The intent here is to know what you are keeping. The second tip deals with how you keep and store this information.
But, I think Microsoft is missing a very critical precursor recommendation and that would be…
Only collect and store information you actually need
Many businesses ask for more information from customers than is really needed. For example, if your credit card payment scheme simply passes the credit card information on to the card processor, then don’t store the number on your servers. If you need a way to get back to the individual transaction, you can store the transaction number and/or the last 4 digits of the credit card number. Other data that is often stored, but not needed, might include telephone numbers, birth dates,
The point here is that you can minimize your exposure if you don’t store more information than is required for your business.
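As an added illustration of the card-number advice above (example code, not part of the original post or of Microsoft's article), the record written to disk keeps only the transaction id and last four digits, and a guardrail refuses any record that still carries a full card number; the field names are hypothetical:

```python
import re

# Hypothetical field names for the record a small business keeps per order.
RETAINED_FIELDS = ("transaction_id", "card_last4", "card_brand", "amount_cents")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: true for a well-formed card number (used to flag leaks)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pan_like(value: str) -> list:
    """Digit runs of 13-19 digits that pass Luhn, i.e. likely full card numbers."""
    compact = re.sub(r"[\s-]", "", value)
    return [m for m in re.findall(r"\d{13,19}", compact) if luhn_valid(m)]

def minimize_for_storage(processor_response: dict) -> dict:
    """Build the record that is actually persisted after the processor has
    handled the payment: the full PAN is used only to derive card_last4, and
    the PAN, CVV and expiry never reach the returned dict."""
    pan = re.sub(r"\D", "", processor_response.get("card_number", ""))
    return {
        "transaction_id": processor_response["transaction_id"],
        "card_last4": pan[-4:],
        "card_brand": processor_response.get("card_brand", ""),
        "amount_cents": processor_response["amount_cents"],
    }

def check_before_persist(record: dict) -> list:
    """Guardrail: list problems (unexpected fields, full PAN in any value)
    so the caller can refuse to write a record that retains too much."""
    problems = [f"unexpected field: {k}" for k in record if k not in RETAINED_FIELDS]
    for k, v in record.items():
        if find_pan_like(str(v)):
            problems.append(f"full card number found in field {k}")
    return problems

# Constructed sample of what a processor might echo back (test PAN, not a real card).
SAMPLE_RESPONSE = {
    "transaction_id": "txn_0001",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/27",
    "card_brand": "visa",
    "amount_cents": 4999,
}
```

Running `check_before_persist(minimize_for_storage(SAMPLE_RESPONSE))` returns an empty list, while a record that still holds the full number in any field is reported before it is written.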
