If you don’t have a legitimate business need for sensitive personally identifiable information (PII), don’t keep it. In fact, don’t even collect it. If you have a legitimate business need for the information, keep it only as long as it’s necessary.
Don’t use Social Security numbers unnecessarily, for example as an employee or customer identification number, or because you’ve always done it.
Don’t keep customer credit card information unless you have a business need for it. Keeping this information, or keeping it longer than necessary, raises the risk that the information could be used to commit fraud or identity theft.
Check the default settings on your software that reads customers’ credit card numbers and processes the transactions. Change the default setting to make sure you’re not inadvertently keeping information you don’t need.
If you must keep information for business reasons or to comply with the law, develop a written records retention policy to identify what information must be kept, how to secure it, how long to keep it, and how to dispose of it securely when you no longer need it.
Once that business need is over, properly dispose of it. If it’s not in your system, it can’t be stolen by hackers. It’s as simple as that.