The Digital Marketing Association Tuesday said it would be releasing new guidelines next month for best practices for data-break protection. Those include collecting only necessary data and being clear on how it will be used, as well as regularly "cleaning and purging" data.
The announcement came on Data Privacy Day, when many Washington policymakers were focused on data privacy and security issues.
The new guidelines are being presented to the DMA board for approval this week. They include:
"Establish written data security policies and procedures reflective of current business practices (including written policies and procedures related to personal devices v. company-provided devices."
"Provide data security training for relevant staff, including staff who use their own devices to perform their duties to prevent unauthorized access to the organization’s data."
"Include contractual safeguards. Set up a data security breach readiness plan appropriate for the level of data collection. This should include periodic audits of data collection, an assessment of the information collected, a commitment to a data minimization plan and information priority classification scheme, including data destruction and purging, appropriate encryption and password security, and a crisis notification plan and early warning alerts for all stakeholders, including anyone personally affected by data breaches (unless barred due to pending law enforcement investigations)."