The Federal Trade Commission, which has brought several lawsuits against large companies where sensitive customer data was exposed, holds small businesses to the same standard of reasonableness, said Lydia Parnes, director of the Bureau of Consumer Protection at the FTC.
However, Parnes said, how that standard plays out depends on the nature of the information at stake.
"What were looking for is to have small businesses apply standards that are reasonable in light of the information that theyre storing," Parnes said. "Theres no business around that would leave a stack of money on a table, for people to just walk in and take. What were really saying … is that information about consumers, about your customers, is the new currency."
To simplify the subject of data security and help small businesses reduce their risk of breaches, the Council of Better Business Bureaus joined Privacy & American Business, an offshoot of The Center for Social & Legal Research, in Hackensack, New Jersey, in launching an educational program that will include free tool kits on security and privacy for customer and employee data.
The customer tool kit is available now, and the employee kit will be available in the fall. These kits will be distributed by local Better Business Bureaus nationwide and by several large corporations sponsoring the program, including IBM, Verizon Wireless, Visa U.S.A., eBay, PayPal, Equifax and The Wall Street Journal.
The program, called "Security & Privacy—Made Simpler," will include a downloadable Web seminar featuring experts and ongoing updates. The initiative emphasizes the importance of developing a security and privacy plan and offers reminders of network safety procedures to follow, such as shredding documents, ignoring phishing e-mails and spot-checking employees backgrounds.
With limited staffs, small businesses often do not have in-house experts to advise them on the steps they should take to secure their networks, said Steve Cole, president and CEO of the BBB Councils, headquartered in Arlington, Va. Cole said both high-tech and low-tech security precautions can be missed.
"Its amazing how many people forget to lock up things physically," he said, adding that security challenges will only increase as wireless networks become ubiquitous.
Cole said the primary driver for implementing effective security controls is not the threat of FTC enforcement, but the opportunity to better serve customers. "This is a marketplace issue," he said. "Its not that [Parnes] is going to be on 23 million businesses backs next year. There are stronger reasons for looking at this material."
The recommendations can be seen here on the BBBs Web site.