Small- and Medium-Sized Businesses

Small- and Medium-Sized Businesses

Even small- and medium-sized businesses collect information on their customers and employees. Data that needs to be protected, like preferences in products, their contact information, budgets, HR documents, financial account information and much more. Business stakeholders need to comply with the laws of each state in which their consumers and employees reside. This can be a complex undertaking, but this guide aims to help  with tools, tips and guidance.

Creating a privacy program

Kick-Starting a Privacy Program

It is not enough for a business to create a privacy policy and place it on its website; a business must define policies and practices, verify that their employees are following the practices and complying with policies, and confirm that third-party service providers are adequately protecting any shared information as well. As customer demands and regulatory requirements change, the business’ privacy practices and policies must be reviewed and revised to meet this changing business environment. Read More

Starting up privacy at a start-up

In this four-part series, Stephen Bolinger, CIPP/E, CIPP/G, CIPP/US, CIPM, who spent years at tech giant Microsoft shares some of the strategic and tactical decisions along the way as a first-time CPO, as well as some observations on the differences and similarities between privacy programs and roles at a large multinational versus a small tech start-up.  His Task? Start Up a Privacy Program at a Start-Up (part 1)On identifying and triaging any clear gaps in compliance. His Task? Start Up a Pr... Read More

What’s a nonprofit to do? How to create the (best) privacy program, on the cheap

In nonprofit organizations, just as in for-profits, there's data of great value that merits the highest caliber of protection. But the multiplicity of standards, practices and documentation can be daunting for a nonprofit to consider taking on. When resources are already lean, and funding for compliance is scarce, how can a nonprofit run a top-notch privacy program? As the first privacy counsel and then first chief privacy officer of a national, anti-poverty nonprofit, Annie Bai has grappled with these issues and discusses how to get a top-tier privacy program going on the cheap. Read More

Insight on Protecting Data

How startups can beat breaches on a budget

Data security and privacy concerns are everyone’s challenge because any modern business is dependent on technology in some way. However, security and privacy is not an equal challenge for every business. For established companies, addressing the issue of data security may be a nuisance, but their vast resources can make compliance easier by facilitating the hire of a sophisticated IT security vendor or an experienced data security expert. For cash-strapped startup companies that prioritize growt... Read More

How Small Businesses Can Protect and Secure Customer Information

Many businesses collect "sensitive"data or information from consumers for business purposes. Theft or misuse of this information can put your customers' financial information at risk and damage the reputation of the business. The U.S. Small Business Administration offers tips to help protect both your business records and your customers' sensitive data. Read More

HR Resources

Prudence the Privacy Pro

See all the Prudence the Privacy Pro comics here. They are designed to help educate people throughout organizations about privacy issues in a light-hearted way. PDFs are available to print and and hang in your office. Read More

Privacy notices & online considerations

Personal information online small business checklist

This checklist from the UK Information Commissioner’s Office aims to help small- and medium-sized businesses that operate online to make sure they collect and use information about the people they deal with properly. This checklist applies to information such as customers’ names and email addresses, or records of their purchases or enquiries. It also applies to information collected through the use of cookies, for example where this is used to target marketing at people. Read Now (PDF 458K)... Read More