A Checklist of Information Security Procedures Based on Guidelines of the DMA
Produced in Cooperation with the Federal Trade Commission
Anti-virus software, firewalls, employee training, and plain common sense can go a long way to protect your customer database and to protect consumers from loss and identity theft. But if you leave the door open, allowing personally identifiable information to be stolen or altered, you have not done your job as a privacy and security officer. And, you have compromised the trust between you and your customer. Lose that trust, and consumers will deny you the information you need to build a good marketing relationship. There could be legal ramifications as well.
Security is a heavy responsibility, but it is not rocket science. There are steps you can take to minimize the risk of data loss.
Responding to a call to action from the Federal Trade Commission for all major trade associations to address the security of data, the Data & Marketing Association approved security guidelines for its members. All members must follow four specific ethical guidelines to keep information about consumers secure.
The DMA encourages you to follow this checklist. While these checklists are not necessarily exhaustive for your particular situation, they are useful guides to help you do the right thing for consumers and your company. FTC Mascot Dewie the Turtle is the safety and security symbol for consumers.
“If you don’t make respect for personal privacy and security of information a part of your corporate culture, I can assure you the FTC will be a part of your future.”
– Orson Swindle, FTC Commissioner
Establish information security policies and practices to ensure the uninterrupted security of information systems.
Institute vigorous training and oversight of your designated security team. But don't stop there. Any other employee or contract worker with even occasional access to personally identifiable information must be trained and supervised.
Written policies and training go far, but not far enough. Construct structural and technological walls to contain personal information and run tests to ensure that the system works. Make contingency plans.
The information chain is only as strong as its weakest link. Make sure that personal data in your care are tagged and fenced when they enter your database, while they're in storage and once they leave. Permit no information transfers without informing business partners that they must meet your security standards.
Data & Marketing Association
225 Reinekers Lane
Alexandria, VA 22314
Federal Trade Commission
6th & Pennsylvania Avenue, N.W.
Washington, DC 20580