The recent Target security breach has everyone from Attorney General Eric Holder to state governments to business owners focused on consumer data security. Is your business taking the appropriate precautions to protect your customer’s data?
Is your business taking the appropriate precautions to protect your customer’s data?
Target was the victim of a data security breach during Q4 2013 that involved the theft of payment card numbers from “at least 70 million customers,”[i] including their names, mailing addresses, phone numbers and email addresses. This focused more attention on the laws governing customer information safeguards. “Most states have ‘security breach laws’ that require a company to notify their customers if payment card information is stolen.”[ii] Specifics from the National Conference of State Legislators of the forty-six states that have security breach notification laws in place are available here.[iii]
There is currently no federal law that specifically addresses data security breaches, but this may soon change. Attorney General Eric Holder recently “called on Congress to create a…national standard for quickly alerting consumers whose information may be compromised by cyber attacks.”[iv] In the meantime, what are your responsibilities as a business owner?
Look to the Federal Trade Commission for guidance.
“The FTC regulates and oversees business privacy laws and policies that impact consumers,”[v] and has pursued legal action against companies that violate consumer privacy rights under the FTC Act.
The Bureau of Consumer Protection Business Center provides compliance resources from the FTC for the collection, storage, securing, and disposal of sensitive consumer and employee information.[vi] Collecting financial data, personal information from children, or any data from credit reports comes with another set of requirements. The Gramm-Leach-Bliley Act governs financial institutions, while the Fair Credit Reporting Act mandates your responsibilities if you use consumer reports or credit reports.
A business owner should know and follow their state laws regarding any data breach. The free resources and best practices provided by the FTC offer additional safeguards and guidelines for protecting sensitive information. Don’t wait until it’s too late; secure your customer and client data today.
Let’s Get Started
IBERIABANK specializes in helping small businesses grow.
[i] CBS News Eric Holder: Consumers must be notified about data breaches
[ii] USA TODAY Target’s data breach highlights state role in privacy
[iii] National Conference of State Legislators State Security Breach Notification Laws
[iv] U.S. Department of Justice Protecting Consumers from Cybercrime and Identity Theft
[v] SBA.gov Privacy Law
[vi] Business.ftc.gov Privacy and Security