I'd like to know what policies other companies have in place to protect personal data of employees, customers, etc.(data such as Social Security numbers, credit card numbers and the like) For example, is encryption required for transfer outside the company? How about inside the company? It is required in transmission? Is it required in storage? Both? How about inside the company? How about within a database? How about backup tapes sent off-site? Do you require stronger access controls for those who use this type of data in their everyday job?
We're considering stronger policies/standards in this area and I'd like some benchmark information about what other companies are doing. I'm from a large manufacturing company, so any feedback from someone in a similar area would be even more valuable.
Thank you in advance.
November 6, 2005 11:04 PM
November 7, 2005 7:48 AM