Follow Kara Linkedin Twitter Facebook
Email Kara Email
Legal Issues
Jan 15, 2016

The First Step Of Cybersecurity Plans: Know Your Data And Its Location

Sponsored Content provided by Kara Gansmann - Attorney, Cranfill Sumner & Hartzog LLP

This article in a series on cybersecurity for businesses delves into the first of five main goals of a company’s cybersecurity policy: taking stock of all personal information your business possesses, locating it within your business, and identifying who has access to it. Understanding how personal information moves into, through and out of your business is essential to assessing cybersecurity vulnerabilities.
 
What is personal information? “Personal information” is statutorily defined in North Carolina to include a person’s first name or initial and last name in combination with any of the following: Social Security numbers, employer taxpayer identification numbers, driver’s license or state identification numbers, passport numbers, checking and saving account numbers, credit and debit card numbers, PINs, digital signatures, biometric data, fingerprints, any number that can be used to access financial resources, or a parent’s legal surname prior to marriage. An individual’s email name or address, Internet account number, Internet username, or password may be considered personal information if it would permit someone to access financial accounts or resources. Information in publicly available directories, such as a phone book, or government records such as a person’s name, address, and phone number, is not “personal information” under North Carolina identity theft laws.
 
Where to find personal information: We often think of personal information as just being electronically stored, but it can also be in paper records stored at or by your company. While each business’s collected personal information will vary, here are some places to locate it within your company:

  • Inventory Equipment: Examine your file cabinets, computers, mobile devices, flash drives, disks, employees’ home computers if used for work, digital copiers and other equipment to determine where sensitive data is stored. 
  • Assess Access and Use of Personal Information: Talk to your salespeople, IT staff, HR staff, accounting personnel and outside service providers to get a complete picture of how personal information is received and used in your company. Know who sends personal information from your business. Consider how personal information is received into your business, whether it is by email, website, call centers, contractors or mail. For example, do customers submit payment card information to your company online? If so, where is it stored and for how long? Evaluate what kind of personal information is collected at each point of entry into your business and where that particular kind of information is stored. Finally, examine which employees or others have access to personal information and whether that access is necessary. Identify whether unauthorized people could also access that same information, including vendors who supply or update software or contractors in a call center.
  • Know the Law: While you are taking stock of the data in your files, take stock of the applicable laws. Certain state and federal laws may require your particular business to provide reasonable security for certain sensitive data.
While different data presents varying risks, knowing the kind of personal information your business possesses and where your business keeps it is the first step in a cybersecurity plan to protect your company. In my next article, you’ll learn about step two of a cybersecurity plan: scaling down necessary personal information.
 
Kara Gansmann, a North Carolina native, is an associate in Cranfill Sumner & Hartzog LLP’s Wilmington office, where she focuses her litigation and appellate practice on various aspects of labor and employment law, business and contractual disputes, medical malpractice, and HOA matters. To contact Kara Gansmann, call (910) 777-6055 or email her at [email protected].  
 

Other Posts from Kara Gansmann

Wbj insights revised 0510 121615113531
Ico insights

INSIGHTS

SPONSORS' CONTENT
Lynnwhitesellheadshot

Executive Coaching: Helping Successful Leaders Become More Successful

Lynn Whitesell - Harris Whitesell Consulting
Aaeaaqaaaaaaaaidaaaajdhiztrkodm0lte2yjetngrkmy1hotrmltawmdvlmwqyztmymw

We All Win With Business Competitions

Diane Durance - UNCW Center for Innovation and Entrepreneurship
Michaelhiggins 41019104338

Pre-Planning Essentials For The Frequent Traveler

Michael Higgins - Dignity Memorial

Trending News

N. Waterfront Park Project Could Draw Neighboring Development

Cece Nunn - Dec 9, 2019

Local Bank Officials Comment On Creation Of Truist

Jenny Callison - Dec 9, 2019

Vantaca Moves To MegaCorp's Former Headquarters

Johanna Cano - Dec 10, 2019

U.S. 421 Utilities Expected To Help Lure Jobs

Christina Haley O'Neal - Dec 10, 2019

Mark Anthony Brands Recognizes Coastal Beverage Co.

Christina Haley O'Neal - Dec 10, 2019

In The Current Issue

Retiree Volunteers: 'We're Just Not Done Yet'

More than 6 out of 10 adults age 55 and older engage in some volunteer activity in the U.S. The sizeable number of volunteering retirees can...


Can Tech Giants Break The Bank?

Are tech companies aiming to supplant banks, or are they moving into the realm as partners with established banks to help banks improve thei...


A Wave Of Woes

While recent projects mark major milestones for the Cape Fear Public Transportation Authority, which does business as Wave Transit, the agen...

Book On Business

The 2019 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!


Galleries

Videos

2019 Health Care Heroes
August 26, 2019 Power Breakfast: A Healthy Sale?
2019 WILMA Leadership Accelerator
2019 WilmingtonBiz Expo Keynote Lunch - CEO, nCino, Pierre Naude`