Are you ignoring data privacy laws? If so, you could be subject to significant fines and penalties.
The fact that the U.S. does not have one universal federal privacy law does not mean business owners can ignore the protection of personal information. In fact, since no universal law exists, data privacy laws in the U.S. have developed over the years within other laws and regulations at both the federal and state levels, which makes it even harder to know what laws impact your business. So, it is very important that business owners understand how the gamut of U.S. privacy law impacts their businesses and what steps must be taken to protect personal information.
Data privacy laws require companies to protect individuals’ personal information. These individuals, called “data subjects,” are the ones about whom information is being processed and can include a consumer, patient, or employee. These laws provide data subjects with rights regarding their personal information and penalize companies that do not properly protect and safeguard such information. In the U.S., the terms “personal information” and “personally identifiable information” are generally used to define the information that is covered by privacy laws. Examples of this type of information include name, gender, street address, telephone number, and email address. These definitions also include any information that could be used individually or collectively to identify an individual. “Sensitive information,” an important subset of personal information, requires additional privacy and security limitations to protect its collection, use and disclosure. Sensitive information includes Social Security numbers, driver’s license numbers, financial information, and medical records. Information considered to be sensitive varies depending on the jurisdiction and the particular regulation.
Are you processing personal information?
A business owner needs to understand that almost anything that someone does with personal information may be considered processing under data privacy and protection laws. The term “processing” refers to the collection, organization, storage, modification, retrieval, use and disclosure of personal information. Therefore, if you have employees or customers, you most likely are subject to data privacy regulations.
Also, if you are offering goods or services to European subjects, your business may be subject to the EU’s General Data Protection Regulation (GDPR), which expands the rights of individuals regarding their personal data and imposes significant fines and sanctions for violations.
Are you taking adequate precautions with personal information?
One of the most important things a business owner can do to balance the risks and benefits of processing personal information is to implement a robust information management program, including the development of privacy policies. Privacy policies inform employees about how personal information must be handled.
Do you know whether data privacy laws impact your business? Which ones? Are you ignoring them?
Do you have adequate protections in place to safeguard the personal information your company processes?
Do you understand the ramifications if your company is in violation of data privacy laws?
New data privacy laws are being implemented each year, so it is imperative that business owners have someone to help them stay on top of these ever-changing laws.
We are here to help you and your business navigate the web of data privacy regulations. If you have any questions, please contact Chuck Munn or your Manning Fulton relationship attorney.