Security: Implement Security Guidelines to Protect Sensitive Personal Data
1. Use a unique identification or user name for all system users. Ensure that Social Security or account numbers aren’t used as identification or user names.
2. Establish a password usage policy. This policy should require employees to create passwords using a minimum of six alpha-numeric characters. Prohibit passwords based on account numbers, user names, Social Security numbers or publicly available personal details, such as birthdays, or names of children or pets, TRUSTe writes.