WHAT DO SMALL BUSINESSES NEED TO KNOW ABOUT DATA PRIVACY LAW?
If you own a small business, you know the importance of creating and maintaining systems that allow your business to run smoothly. You have likely spent time and money building a system that performs well and maintains a good reputation with your clients or customers.
Today, it is essential that you take steps to address a concern that is on most consumers’ minds: cyber security. When a customer or client does business with you, they trust that you have the systems and safeguards in place to protect their sensitive personal information. You don’t want your personal information floating around the internet, and your customers don’t either. More importantly, it’s not just good business practice to protect your customers’ personal information – it may be the law.
Personal information includes, but is not limited to:
- First and last name
- Social Security number
- Driver’s License number
- Account numbers, credit and debit card numbers
- Security codes, access codes, or passwords that allow access to financial accounts
- Medical information
- Health insurance information
- User names, email addresses, passwords, and security question answers
Personal information DOES NOT include information that is available through public record.
Privacy rules in the United States are a complex collection of federal and state laws, as well as regulatory guidelines and “best practices” put out by various governmental and non-governmental agencies. There are laws that only apply to particular industries (such as financial services and healthcare), rules for doing business online, and special rules regarding specific forms of communication.
Even without laws telling you to do so, it is good business practice to keep your customers’ personal information protected. Security breaches expose your clients and customers to identity theft. Once a client’s information is out there, there is no way to get it back! Once the damage is done, trust in your business and its carefully cultivated reputation may be shattered. Beyond bad PR, there may be real costs to your business in the wake of a security breach. You may need to spend money replacing clients’ credit cards or other materials (if you are a financial services business), paying penalties and fees, paying for security monitoring for your customers in an attempt to regain their trust, and even hiring an attorney to defend your company against a civil lawsuit.
Creating Internal Data Privacy Guidelines For Your Business
Within your small business, it is also essential that you have an internal set of guidelines that outline how sensitive information is collected, how it is stored, who has access to this information, and how it will be destroyed when it is no longer needed.
Most businesses do not appropriately limit access to sensitive information, both among the staff and around customers and visitors. Take a look at how your business currently stores private information. Consult with an attorney or hire a records management services company to perform an audit of your records storage system.
A good rule of thumb is to destroy any documents that you do not need for the course of business. If it’s not being used, don’t keep sensitive information hanging around. Make sure that your business has a clear information destruction policy. You can hire a shredding service to destroy documents for you; however, make sure that the provider is certified by the National Association for Information Destruction.
Ask A Florida Business Attorney For Assistance
At Kira Doyle Law, we offer a complete spectrum of legal services for business owners. If you are ready to ensure that your business and your clients are protected, start by calling our office in St. Petersburg, Florida, at 727-537-6818 to schedule an appointment with one of our experienced Business Planning Attorneys today!