This guide states that though the specifics depend on the size of the company and the kind of information the company has, the basic principles on securing sensitive data remain the same. Whether the work is for a multinational powerhouse with branches around the world or a start-up based in a home office, a sound information security plan is built on five key practices: 1) Take stock by knowing what personal information are in the files and on the computer and understanding how personal information moves into, through, and out of the business and who has or could have access to it. 2) Scale down by keeping only what is needed for the effective operation of the business. Don't hold on to every scrap of paper; if there isn't a legitimate business reason to have sensitive information in the files or on the computer, don't keep it. 3) Protect the information that is kept by locking it up. Be cognizant of physical security, electronic security, employee training, and the practices of all contractors and affiliates. 4) Properly dispose of what is no longer needed. Make sure papers containing personal information are shredded, burned, or pulverized so that they can't be reconstructed by an identity thief. 5) Plan ahead by drafting a plan to respond to security incidents. Designate a senior member of the team to create an action plan before a breach happens. List of resources