A few items to consider that could minimize your liability in the event of a breach:
- Maintain only those records that must be maintained. For terminated clients, remove all data, especially those records containing non-public client information from storage (cloud or hard copy storage) that are no longer required. (review Books and Records requirements prior to destroying any documents.
- Consider removing social security numbers for terminated clients from your CRM.
- Consider business information, such as terminated employee non-public information as well. (review Books and Records, HR and IRS regulations prior to any document destruction).
If the non-public information isn’t necessary or no longer required to be maintained, it might be time to clean house.