■ Maintain a careful inventory of your company’s computers and any other equipment on which customer information may be stored.
• Take steps to ensure the secure transmission of customer information. For example:
■ When you transmit credit card information or other sensitive financial data, use a Secure Sockets Layer (SSL) or other secure connection, so that the information is protected in transit.
■ If you collect information online directly from customers, make secure transmission automatic. Caution customers against transmitting sensitive data, like account numbers, via email or in response to an unsolicited email or pop-up message.
■ If you must transmit sensitive data by email over the Internet, be sure to encrypt the data.
• Dispose of customer information in a secure way and, where applicable, consistent with the FTC’s Disposal Rule, www.ftc.gov/os/2004/11/041118disposalfrn.pdf. For example:
■ Consider designating or hiring a records retention manager to supervise the disposal of records containing customer information. If you hire an outside disposal company, conduct due diligence beforehand by checking references or requiring that the company be certified by a recognized industry group.
■ Burn, pulverize, or shred papers containing customer information so that the information cannot be read or reconstructed.
■ Destroy or erase data when disposing of computers, disks, CDs, magnetic tapes, hard drives, laptops, PDAs, cell phones, or any other electronic media or hardware containing customer information.