Consumer privacy is your responsibility: What most small businesses don’t know

Do you know what to do if your customer information is hacked? Consumer privacy is your responsibility, so you should be aware of the rules.

Consumer privacy is your responsibility

Recently, Anthem announced that its confidential data was hacked. In March, 11 million customers of Premera lost their information in a security breach. Target agreed to a $10 million settlement over its 2013 data breach. The cost of an average data breach worldwide is around $3.5 million. In the United States, the average cost for each stolen record is $201.

Small and medium-sized businesses (SMBs) are beginning to realize how important it is to protect personally identifiable information (PII). PII can include data such as credit card information or social security numbers, but it’s not limited to that information. There are laws governing what a business must do when a breach happens. Forty-seven (47) states have enacted legislation that regulates what businesses must do. The only states that haven’t done so are Alabama, New Mexico, and South Dakota. You can find Texas’ code in the following section of the law: Tex. Bus. & Com. Code §§ 521.002, 521.053, Tex. Ed. Code § 37.007(b)(5).

Most lack confidence that they know the laws

Software Advice conducted a survey of 180 SMBs. Although it was a small group, you can learn from their findings. They discovered:

  • Only one-third (33 percent) of SMBs’ decision makers were confident that they knew the law concerning a data security breach.
  • Only 49 percent of the businesses surveyed had a data breach security plan in place.
  • Eighty-two (82) percent of the businesses said they encrypt customers’ PII.

One problem that businesses face in a security breach is that they often don’t know about the hack until months later. Hackers rely on this and move quickly when they access the PII in a business. Your business has to notify customers as soon as you find out about the breach, but in many cases, it may be too late to protect their information. All you can do is clean up the mess.

Federal legislation has been introduced

President Obama has introduced federal legislation that outlines a uniform law for the nation, but right now, each state has its own guidelines. You need to know not only the law of your own state, but also the laws of the states where your customers are located.

If your business in Texas has clients in Montana, then you could face legal issues in both states. Just to note, Montana has some of the most stringent laws in the nation.

The rules you must follow to protect your clients’ info

The most important thing your business can do is to have a plan concerning your customers’ PII. Insurance is also available for your business to cover your financial losses in case the worst happens. Here are some steps you can take for your own organization:

  • Know the laws. The website of the National Conference of State Legislatures (NCSL) offers a starting place, but it may be a good idea to get legal counsel.
  • Classify your data. This can help you in the next step to have protocols set in place for confidential, secret, or public information.
  • Control your data. This includes monitoring smartphone, cloud devices, and webmail access. Mobile devices are often the weakest link in the chain.
  • Make sure your employees understand “acceptable use” of their work devices.
  • Have a response plan. When you do have a breach, you don’t want to waste time notifying the wrong people instead of those who need to be involved.
  • You should not investigate the breach yourself. Law enforcement should be called in. You can damage evidence when you try to handle things yourself.
  • Understand the encryption keys. Don’t leave the keys in the hands of one person. You may want to work with a security consultant to protect your sensitive data.

Don’t think that because you are a small or medium-sized business you aren’t at risk. Your customers’ PII is very valuable to hackers around the world. They don’t care what the size of your company is. Cyber security threats are very real. Have a plan to make sure your business is protected.


Dawn Brotherton is a Sr. Staff Writer at The American Genius with an MFA in Creative Writing from the University of Central Oklahoma. She is an experienced business writer with over 10 years of experience in SEO and content creation. Since 2017, she has earned $60K+ in grant writing for a local community center, which assists disadvantaged adults in the area.

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.