With the Privacy Commissioner of Canada revealing it had conducted an audit into Richmond Hill, Ont.-based Staples Inc.’s inability to effectively wipe out hard drives, many small businesses might have data security on the brain this week.
With third parties like Staples falling short of protecting customer data, its a reminder for businesses that they must do everything they can to make sure their sensitive data doens’t fall into the wrong hands. In some cases, it might be more than just a piece of good advice to practice good data security – it might be a requirement.
Data security is important for staying compliant with the Payment Card Industry’s (PCI) Data Security Standard (DSS) and the group has auditors that investigates breaches of small businesses that suffer breachs, says Michael D’Sa, Visa Canada’s data security and investigations senior manager. It’s up to the merchat to make sure it is compliant with the security requirements, and that includes evaluating the software vendor that you’ve chosen to use.
“Store the absolute minimum that you need to store,” D’Sa advises in this video from March 12, 2009.