Securing Your Business Against Data Breaches
Data breaches are an unfortunate part of business in the 21st century. Consumers are familiar with news of stolen data from major corporations across the country. But large companies have the advantage of substantial resources and money that can combat this problem. Small businesses are far more vulnerable to the damage that can be caused so it is important that you follow these steps in securing your business against data breaches. The state of Texas takes these issues seriously, and which means companies should as well. Working with a Texas intellectual property attorney, your company can anticipate breaches and develop policies for preventing and responding to them.
Texas law requires that any business handling computerized data that experiences a breach has to provide notice to those affected. These include any residents whose personal information was or is reasonably believed to have been accessed. Personal information includes the following:
- Social Security number
- Driver’s license number or state identification card number
- Credit or debit card number
- Financial account number in combination with any security code, access code, or password that would permit access to such account
The notice must be provided without unreasonable delay, but no later than 90 days after discovery of the breach. Notices can be provided by mail, telephone, or electronic means. Other means of notification, such as public service announcements, can be provided in some circumstances. This is where the security breach affects over 500,000 people or the cost of notification exceeds $250,000. Ask a Texas intellectual property attorney about notification rules and recommended procedures for handling them.
Businesses also must notify the Office of Attorney General no later than when affected residents are informed. One exception is if it is reasonably determined that the breach will not likely harm those whose information was acquired. This decision can only properly be made after appropriate investigation and consultation with relevant local, state, and federal authorities. Considering the level of due diligence required, consult a lawyer before reaching this determination.
A security breach is unauthorized access to or acquisition of electronic files, media, databases, or computerized data containing personal information. But it only applies where access to the information has not been secured by encryption or other method. That is, a company can potentially avoid the requirements of state law by having encrypted or otherwise secured data. Talk to a Texas intellectual property attorney about the requirements of the law and ways your company may be exempt.
These rules apply to companies doing business in Texas who license or maintain personal information in the course of business. That’s a potentially significant number of companies with business ties to the state. If your company routinely handles personal information, it’s a good idea to prevent problems before they occur. This is where having a knowledgeable Texas intellectual property lawyer is essential. An attorney can provide the following services, among others:
- Draft company handbooks containing policies that address storing and securing personal information
- Evaluate existing risks to your company with respect to personal information
- Compliance with privacy laws and those concerning identity theft and the misuse of personal information
- Coordination with local, state, and federal authorities to ensure proper investigations are done
- Review of notices provided to affected customers as required by state law
Not securing personal information doesn’t just risk a company’s relationship with its customers. It can also bring legal and monetary consequences. Failure to comply with Texas’s data breach laws could be considered an unfair trade practice and invite enforcement procedures. These may include fines, among other penalties.
Contact Us for Questions About Your Company’s Data Protection Policies
No company can ever be 100% safe from security breaches. But minimizing risks and responding to breaches appropriately will help your business comply with the law and protect client relationships. The attorneys of Eddington & Worley can help you anticipate data challenges before they become data problems. Call us today to schedule a consultation.