guest column:

How to protect customers’ private information

Privacy laws are becoming more consumer-focused, and companies that collect personal information about consumers — and fail to disclose what they do with it — are beginning to find themselves in uncomfortable situations.

New regulations are aimed at protecting people’s privacy, and companies need to know their obligations, particularly if they have an Internet presence and are gathering personally identifiable information about their customers.

If a business collects personally identifiable information — defined in most states as someone’s first initial and last name and an account number, such as a credit card, bank account or driver’s license number — the company has an obligation to keep that information safe.

In 2009, Nevada adopted one of the strictest encryption standards in the nation: Companies must deploy encryption technology for information they gather, and use a recognized standard of encryption to do so.

John Krieger

Laws regarding the specifics of handling a data breach are unclear, but the sooner consumers are notified, the quicker they can act to protect themselves (by changing account numbers, notifying banks, etc.) and the less liability the company will face. If a data breach involves information about California residents, the company is required to distribute a mandatory press release and have the information broadcast by a major news station.

In any case, it is important to plot an appropriate response and notification process.

To protect your company, it is important to ensure that a good data-protection policy and safeguards are in place, and to consult with the appropriate legal counsel and information technology personnel to ensure relevant data-protection issues have been addressed and are included in privacy policies.

When creating a data-security compliance strategy, it is important to perform cybersecurity and cyberliability audits, typically conducted by a company’s IT and legal counsel, to ensure appropriate policies are in place. Keeping encryption, anti-virus and anti-spyware software, and firewalls up to date and using strong passwords also is necessary, along with creating and enforcing computer-usage policies.

It is critical to know the dangers of a data breach and take appropriate measures to protect customer information. Make sure your company takes the necessary steps.

John Krieger is a shareholder in Gordon Silver’s intellectual property and entertainment/sports departments. He concentrates on intellectual property litigation, trademark and copyright infringement claims, domain name litigation, trade secret misappropriation and unfair competition.
