1. Conduct an audit to determine what kind of personal customer data your company has and where it is stored.
2. Categorize the data into three categories: highly sensitive, somewhat sensitive and not-so-sensitive. Ask your customers what they consider to be sensitive personal information.
3. Educate yourself on the privacy laws in your state and at the federal level. Subscribe to privacy newsletters to keep abreast of new privacy legislation. You can obtain information from your state privacy office, if it has one, such as California’s Office of Privacy Protection (www.privacy.ca.gov). At the federal level, visit the Federal Trade Commission website for the latest rules and decisions (www.ftc.gov).
4. Work closely with corporate counsel to help explain to other executives and business units what the privacy laws mean to your organization and how to comply with them.
5. Negotiate with business unit chiefs so that early in the development of new products and services, managers will discuss whether customers’ personal data will be tapped, how it will be used and how it will be protected.
6. Hold periodic privacy workshops for employees to educate them on the importance of protecting customers’ personal information. Presentations should be customized for each business unit or group, with specific examples of the dos and don’ts that relate to employees’ specific job functions.
7. Install monitoring software that tracks who is accessing personal information and for what purpose, and match that access against your work processes. For example, you should match access to customer accounts with actual customer calls to the call center to make sure employees are not inappropriately accessing customer records.
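
The matching described in step 7 can be expressed as a join between the access log and the call log. The following is an added example, not part of the original checklist: the record layouts, agent and account names, and the 10-minute wrap-up allowance are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WRAP_UP = timedelta(minutes=10)  # assumed allowance for after-call work

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed call-center records: (agent, account, call start, call end)
CALLS = [
    ("agent_a", "ACCT-1001", ts("2024-03-04 09:00"), ts("2024-03-04 09:12")),
    ("agent_b", "ACCT-2002", ts("2024-03-04 09:30"), ts("2024-03-04 09:41")),
]

# Constructed access-log records: (employee, account, access time)
ACCESSES = [
    ("agent_a", "ACCT-1001", ts("2024-03-04 09:03")),  # during own call
    ("agent_a", "ACCT-1001", ts("2024-03-04 09:20")),  # wrap-up, within allowance
    ("agent_a", "ACCT-2002", ts("2024-03-04 09:35")),  # call belongs to agent_b
    ("agent_b", "ACCT-2002", ts("2024-03-04 14:00")),  # hours after the call
    ("agent_b", "ACCT-3003", ts("2024-03-04 10:00")),  # no call at all
]

def unmatched_accesses(accesses, calls, wrap_up=WRAP_UP):
    """Return accesses with no call handled by the same employee for the
    same account that covers the access time (start .. end + wrap_up)."""
    windows_by_key = defaultdict(list)
    for agent, account, start, end in calls:
        windows_by_key[(agent, account)].append((start, end + wrap_up))
    flagged = []
    for employee, account, when in accesses:
        windows = windows_by_key.get((employee, account), [])
        if not any(lo <= when <= hi for lo, hi in windows):
            flagged.append((employee, account, when))
    return flagged

if __name__ == "__main__":
    for employee, account, when in unmatched_accesses(ACCESSES, CALLS):
        print(f"REVIEW {when:%Y-%m-%d %H:%M} {employee} opened {account} "
              "with no matching call")
```

Flagged records are candidates for review rather than findings: other approved work processes (billing disputes, supervisor escalations) would need their own matching source before an access is treated as inappropriate.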