Finally, exercise sound business judgment. Beware of promotional language such as, “We utilize state-of-the-art security technology,” or “We encrypt your data at all times.” I’ve seen companies that feature both statements on their Web sites. These types of claims are a lawsuit waiting to happen and are a tempting challenge for hackers. The Federal Trade Commission considers it a “deceptive trade practice” to publish claims about your security program that are not substantiated by your actual practices. Instead, focus on what you do to secure your customers’ data. Do you follow well-known security standards such as ISO 17799 and COBIT? If you accept credit cards, do you follow the Payment Card Industry (PCI) Data Security Standard? Have you been audited against any of the above standards? If so, can the auditor provide a brief statement you can use?