Powell & Edwards

View Original

Privacy Policies In The Age Of Unlimited Information

Policy, Shmolicy!

Now why would my small business need a privacy policy?

I hear this all too familiar response almost every time someone asks me what a data privacy lawyer does. Typically, my reply is “why wouldn’t you?” You owe it to yourself to be aware of your responsibilities and liabilities in addition to providing that client a confidence that their information is safe and protected.

In fact, one would be hard pressed to name a business where some degree of personal information is not collected by the business.

If you have employees, you most likely have collected personally identifiable information such as Social Security numbers and dates of birth. Do you keep a written copy of those records; maybe transmit that information to a payroll service or health insurance company? What if your office is broken into, your cloud server hacked or the payroll company experiences a data breech? Did you not see that coming?

Now about your website; do you e-commerce? How do you protect credit card information? Do you store them personally or send to a third-party processor? What about customer records, do you retain those? Does your website allow people to leave comments or to ask if they can hire your business? What happens to that information?

With it being tax season, if you are an accountant or CPA, how are you protecting all of that client information? Are you scanning it into a computer or network, are you sending your clients’ information to an electronic service for processing or calculation? If so, you better be thinking about your data privacy policy.

The truth is, most owners of small businesses have enough things to worry about besides taking time to get a privacy policy in place. Even worse, there are those who just copy one they have seen on another website or at a business they use and just change the names. In some cases, this could be worse than not having one all.

There is no one-size-fits-all solution. Each state has its own laws regarding data privacy, but if you do business with customers in a state that does have specific protections, you better be prepared to follow those laws to the “T” or face serious potential repercussions.

If you don’t have a Privacy Policy in place, you should consult with a data privacy lawyer. They can help you evaluate what your potential liabilities are, what you need customers to be aware of and what your responsibilities to your clients are.

Next time you register for that app on your smartphone or sign that you acknowledge your doctor’s privacy policy, pay a little more attention to what you are signing and see what other business’ are really doing with your personal information. If you run a small business, make sure to consult with a data privacy lawyer sooner than later.