Years of working in IT, especially in the financial and medical industries, have made me more paranoid than most people about data privacy considerations. We’ve all seen the data breach headlines from companies like Target, Home Depot, Adobe and countless others. These are companies with dedicated security teams charged with taking important measures to secure customer data who have nevertheless failed in this effort.
While the threat of a data breach cannot be eliminated entirely, having a written policy and methodically following it will go a long way. In many jurisdictions, companies are legally obligated to have such policies in place, so why shouldn’t you?
Having a written policy keeps any decisions out of the hands of arbitrary choice.
Should you feel inclined to develop a data security policy of your own, feel free to use mine as a template. It is released under the MIT License.