9. If Third-Parties Request Personal Data — How to Respond

Before providing any personal information to a third-party you should make sure that they are actually authorized to have that information.

Getting Started

Here are some guidelines to help you and your employees determine who is and who is not authorized to obtain personal information about your customers.

  1. Requests from your customers.
    In general, customers are authorized to find out what information you keep about them.
  2. Requests from individuals connected with your customers.
  3. Requests from the government.
    If you receive a request from your state or the federal government to obtain personal information about your customers, and your customers have not consented to the release of their data pursuant to such requests, consult your attorney.
  4. Requests from other people.

Only 28% of small businesses provide training to employees about Internet safety and security.

Source: 2012 National Small Business Study, National Cyber Security Alliance, Symantec, & JZ Analytics.