I hear this all-too-familiar response almost every time someone asks me what a data privacy lawyer does. Typically, my reply is “why wouldn’t you?” You owe it to yourself to be aware of your responsibilities and liabilities, in addition to providing that client confidence that their information is safe and protected.
In fact, one would be hard pressed to name a business where some degree of personal information is not collected by the business.
If you have employees, you most likely have collected personally identifiable information such as Social Security numbers and dates of birth. Do you keep a written copy of those records, or maybe transmit that information to a payroll service or health insurance company? What if your office is broken into, your cloud server is hacked, or the payroll company experiences a data breach? Did you not see that coming?
Now, about your website: do you engage in e-commerce? How do you protect credit card information? Do you store it personally or send it to a third-party processor? What about customer records? Do you retain those? Does your website allow people to leave comments or to ask if they can hire your business? What happens to that information?
There is no one-size-fits-all solution. Each state has its own laws regarding data privacy, but if you do business with customers in a state that does have specific protections, you had better be prepared to follow those laws to the “T” or face serious potential repercussions.