This is a brief post on one issue that we've seen come up in the past: Most business owners want to gather as much data as possible on their customers. In general, this is a good idea - tracking your customers will help you understand how they are using your applications, what they're trying to accomplish online, what content they want to read, and so forth. A business that understands its customers better can of course provide a better product or service, as well as target upsells and viral marketing campaigns.
The problem is that some information makes your company a prime target for criminal organizations that want to steal identity and payment information. And if they succeed, you will at minimum have to handle a major embarrassment, and at worst be paying out hefty legal and insurance expenses.
Data you should try to avoid having falls into 3 basic categories:
The most common rules that require you to avoid storing data are the Payment Card Industry Data Security Standard (PCI-DSS) and the Child Online Privacy Protection Act. Specifically, you can never legally store:
Most payment card data falls into this category. Major payment card processing companies such as Authorize.Net, Cybersource, and Chase Paymentech offer payment profile services. When a user submits payment information that you wish to reuse in the future, you can request that your payment gateway store that information rather than you. That way, if somebody breaks into your computer system, your customers' credit card numbers are safely somewhere else.
In addition, you should avoid collecting private personal identity information such as Social Security Numbers or Permanent Resident IDs. Keeping this information unnecessarily exposes your business to legal liability if those numbers are stolen.
If you do need to collect this data for legitimate business purposes, then you should encrypt it, so that someone who has access to the storage device with this data, but not your application software, would be unable to read the data.
The most common information to fall into this category is passwords to user accounts. The problem is that not only are user passwords the way into your application, they are also frequently reused across other applications the user might use. With a user's email address and a commonly used password, a criminal can easily access other accounts, such as their email or even their bank, all before you have noticed that the data has been stolen.
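An added example (not code from the original post) of what the two points above look like in practice: after the gateway has stored the card, the application keeps only a profile token, the last four digits and the expiry, and it keeps the user's password only as a salted PBKDF2 hash. The form contents and the gateway token are constructed sample values, and the final guard function is a hypothetical pre-persistence check rather than any library's API.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, Optional

# Constructed sample of what a checkout form might submit to the application.
# The card number is a well-known test PAN, not a real customer's.
SUBMITTED_FORM = {
    "email": "alice@example.com",
    "password": "correct horse battery staple",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/29",
}

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2$<salt_hex>$<hash_hex>'; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return f"pbkdf2${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def build_customer_record(form: Dict[str, str], gateway_token: str) -> Dict[str, str]:
    """Keep only what the application needs once the gateway holds the card."""
    digits = re.sub(r"\D", "", form["card_number"])
    return {
        "email": form["email"],
        "password_hash": hash_password(form["password"]),
        "payment_profile": gateway_token,  # reference to the card stored at the gateway
        "card_last4": digits[-4:],         # truncated PAN, kept for display only
        "card_expiry": form["expiry"],
        # card_number and cvv are deliberately dropped
    }

# Matches a full 13-19 digit PAN, with or without space/dash separators.
PAN_RE = re.compile(r"(?:\d[ -]?){13,19}")

def record_is_safe_to_store(record: Dict[str, str], form: Dict[str, str]) -> bool:
    """Hypothetical guard before persisting: no full PAN, CVV or plaintext password."""
    for value in record.values():
        if PAN_RE.fullmatch(value) or value in (form["cvv"], form["password"]):
            return False
    return "card_number" not in record and "cvv" not in record
```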
In general, if it is not something you would expect to be published in a phone book or otherwise made public, consider encrypting it.