Privacy +2.0

As I write this column, 2014 has just begun and the air is full of excitement and renewal. For most of us, this excitement has been supported by a terrific holiday season, filled with good cheer and anticipation of a great new year. Those of us who had a subpar holiday season at least may be encouraged partially by these words of context: At least you’re not Target.

More than 40 million cards used in Target’s U.S. stores between Nov. 27 and Dec. 15, 2013, were affected by a massive data breach. Target says customer names, card numbers, expiration dates and three-digit security codes were compromised. We did not have to wait long for the first reported data breach of 2014, as on Jan. 1 it was announced that the day before a hacker published a database containing 4.6 million Snapchat usernames and phone numbers.

The year 2014 will see many more examples of high-profile data breaches. The public is paying more and more attention and is concerned. A recent study commissioned by Cintas Corp. revealed that two-thirds of U.S. adults would not return to a business if their personal information was stolen.

It doesn’t take a genius to see that public awareness and concern about data and document security will lead to greater concern, awareness and inquiry from your customers. The best way to demonstrate to your customers that their documents and data are safe is to become Privacy+ certified. You may have heard that the program is undergoing some exciting changes. Many SDB readers no doubt attended our free webinar last December and already know about these changes. For the rest of you, below is a quick synopsis:

• Privacy+ is a certification program open to all companies worldwide providing outsourced storage and protection of hard-copy records and offline removable computer media. The program is applicable only to participating companies’ physical storage and handling of hard-copy records and offline removable computer media. Privacy+ is not applicable to related services, such as document imaging, shredding services or any form of cloud storage.
• The program has changed from one based on education and self-certification to one in which applicant companies are audited by an independent third party. Kirkpatrick Price is PRISM’s preferred auditing partner for the Privacy+ program. However, if you have an existing relationship with an auditor or prefer to use a different auditor, you can.
• Those who wish to become Privacy+ certified can download the materials they need from the PRISM website.

Dave Bergeson is the executive director PRISM International, Chicago, and can be reached at dbergeson@prismintl.org or at 847-375-4866.