Security: Implement Security Guidelines to Protect Sensitive Personal Data

3. Assign access to customer or employee information on a need-to-know basis. The level of access should relate to job function and should not be based on organizational position or rank.

4. Implement an authentication process to access customer data. When feasible, require employees to go through a two-factor authentication procedure before allowing access to sensitive customer information. The authentication process could include, for example, passwords and biometric identifiers, which can be implemented on computers.