There’s been a lot of news lately about security breaches and stolen user data. Which started me thinking, again, about our own security. No company – especially a small company – is perfectly safe from hackers. So, I decided to write to let you know what information we keep about our visitors and customers.
When I first started selling seminars and products I thought carefully about the whole issue of security. (I was reminded of the apocryphal quote from Willie Sutton: “I rob banks because that’s where the money is.”)
So what I decided to do was minimize the information our company keeps on file to minimize the risks if we were hacked. As a result, all our customer information is stored locally (inside our company) in a secure database on a server which can only be accessed when a staff member is physically in the office.
FOR WEBSITE VISITORS
There is software that allows us to learn personal information about our visitors. We are not using it, because I don’t like it. We track aggregate information so that I can compile statistics like the most popular articles, or discover which articles generate very little interest.
FOR ALL CUSTOMERS
FOR VIDEO TRAINING LIBRARY CUSTOMERS
FOR DOWNLOAD PRODUCT CUSTOMERS
FOR CUSTOMERS REQUIRING WE SHIP THEM PRODUCTS
FOR SEMINAR ATTENDEES
FOR WEEKLY NEWSLETTER SUBSCRIBERS
CREDIT CARD PROCESSING
All of our credit card payments are handled by a separate company that specializes in credit cards. (These companies are called “Credit Card Processors” and are governed by the credit card companies themselves.) We also abide by all the financial security rules required by both the credit card processor and the credit card issuers themselves.
As part of these requirements, we are not legally allowed to keep credit card numbers or expiration dates on file. So, we don’t. This is why, when there’s a problem with your account, we need to contact you to get your card number so we can fix it.
All recurring billing for our Video Training Library subscribers is handled either by our credit card processor or PayPal, depending upon what you used when you first signed up.
And, for those times when we are working to resolve a technical issue and you give us a credit card number to keep on file, we will only retain that card number as long as the issue is unresolved. As soon as the case is closed, we remove your card number from our records.
SUMMARY
Security is an ever-present concern, and we are always looking for ways to improve the security of our websites and financial processes. Because of this, I wanted to tell you what we are doing and the information we keep so that the only person that needs to stay awake at night worrying about this is me.
Thanks.
Larry
One Response to Security: The Data We Don’t Keep
Larry:
Excellent presentation of your data policy. For me, I think it is extremely responsible and wish other companies would adopt an “only the bare minimum necessary” type of policy.
Best, Lou Hemsey
Lou Hemsey Music and Film
H Entertainment inc