Tactical Advice

Protective Order

Look out for yourself and your customers with privacy policies that protect you both.
This story appears in the March 2005 issue of BizTech Magazine.

Robby Birnbaum
Associate Attorney


Thomas Salzman
IT Manager

As a small-business owner, you might think that only large companies need privacy policies. Think again. Small firms also need privacy policies if they collect nonpublic personal information (NPPI) from customers (any information beyond what's available in a phone book) and if the business generates financial transactions with consumers.

 

Federal and state regulations, statutes and case law govern how entities of all sizes treat private customer information. Any company that contacts consumers—via a Web site, a catalog or an office or retail outlet—must adhere to a written privacy policy with procedures that implement that policy. The company must provide customers with written notice of its privacy policy at the time of the transaction, as well as on an annual basis. In turn, customers have the right to opt out of sharing their personal data. These requirements apply to existing as well as new customers.

 

The Gramm-Leach-Bliley Act of 1999 (GLBA) provides protection against misuse of consumer NPPI in the context of financial transactions, such as a purchase or mortgage application. The Federal Trade Commission issued a set of guidelines for businesses complying with GLBA in 2000; the guidelines cover security issues—from physical security precautions, such as locking filing cabinets, to electronic security, including password protection and data encryption. The consequences for failing to comply range from fines to possible revocation of one's business license.

 

No company is too small to attract scrutiny. Greenspoon Marder worked with a small-business client with 12 employees that faced litigation after a customer complained to the state attorney general. That small business sold 20,000 customer names to a third party without giving customers notice or the opportunity to opt out. The matter was settled out of court, but it should serve as a cautionary tale for other small businesses.

 

Action Items

 

So, where to begin? The first step is to create a written privacy policy. You can craft a policy yourself, using established privacy policies as a working model. Have an attorney review the proposed policy for provisions relevant to your industry. This process should take only a few hours of an attorney's time and could help you avoid months of costly litigation later.

 

After documenting your privacy policy, give your customers ample notice of the policy at the time of any transaction (whether or not that transaction is consummated) and on an ongoing, annual basis.

 

Most important, establish procedures that implement that policy for both physical security and information (or electronic) security. Building access codes and document shredding would be covered by procedures for physical security. Information security procedures would address issues such as network firewalls, user authentication and key encryption of data.

 

Finally, monitor and limit how data leaves your system. Put logs in place to monitor databases and ensure that customer data cannot be accessed without a clear and documented path. Ensure that user passwords can't be easily guessed. Narrowing down how the world outside can access your corporate computer system is critical to the security of customer data.

 

The work of protecting customer data is never done. But the payoff from the effort will make customers more confident that your company will treat their personal information with respect and care. That goes a long way toward becoming a trusted partner.

 

Birnbaum and Salzman are with the firm Greenspoon, Marder, Hirschfeld, Rafkin, Ross & Berger, P.A., in Fort Lauderdale, Fla.