Several times a week customers tell me to simply look up their contact information to reference past work or get contact information. Every time I’m asked about my computerized records, I have the same answer: “We don’t keep computerized records.” Wouldn’t it make sense for a computer business to keep computerized records?
About five years ago I used a credit card processor that was not only terrible to work with, the credit card terminal was not in compliance with privacy laws. When a credit card is processed, only basic information is supposed to be kept in memory and only long enough to complete the evening batch. The company I was using at that time printed out every digit of the credit card and their terminal was programmed to retain all the information.
Around the same time I was having problems with the credit card company, I was also entering data into a computer terminal with the expectation of retaining customer data for future use. Within six months of starting my database, the computer crashed and proved too much maintenance to sustain a functional system. My little store went from low-tech to hi-tech back to low-tech within months.
Keeping customer records is a tricky business and something that’s not right for every small business. Medical offices were pushed to go paperless which requires keeping computerized records and a somewhat complex interoffice network. Some other professions like accountants couldn’t function easily without computers. Implementing computers in the office requires additional safeguards – at least in the state of Massachusetts.
Massachusetts has laws in place designed to protect the privacy of its residents. Any person or business that retains personal information about a resident of the Commonwealth must comply with 201 CMR 17.00. I’m certainly not an attorney; however, the gist of the law states that any person or business storing personal information about someone must take precautions to keep that data safe. Passwords, security locks, and data encryption are just some of the methods which should be used.
Accounting offices are between a rock and a hard place. On one hand they must have personal information about clients to do their job and file tax returns, on the other hand they are obligated to securely retain that information and maintain their computer equipment to be in compliance. Not only do accountants have to oblige the Commonwealth, they also must maintain systems to be in compliance with IRS standards.
Medical offices have a different set of rules which trump the laws in Massachusetts – but only because they’re significantly more strict. The Health Insurance Portability and Accountability Act (HIPAA) basically states that information about a patient can never become public knowledge. Patient information that is shared is sent on a secure private network connection between the provider’s office and larger networks.
Protecting the security of customer information is one thing; but, protecting the integrity of the computer system is quite another. Retaining customer data for an eternity requires long-term planning to actively backup data in multiple locations in case of catastrophic failure. A secure and redundant method of backing up data should be implemented and reevaluated periodically.
Sitting back and looking at a loose stack of papers on a Sunday afternoon justifies me writing this article. My system works for me and is in 100% compliance with the Massachusetts laws. If you or your business retains customer data you may want to reevaluate your security plans to make sure you’re in compliance with the Massachusetts laws and your data is being safely backed up. Take it from me, sometimes paperless is more of a headache than a simple pen and paper.
(Jeromy Patriquin is the President of Laptop & Computer Repair, Inc. located at 509 Main St. in Gardner. You can call him directly at (978) 919-8059) or visit www.LocalComputerWiz.com.