PAGE 42
LOUISIANAAGENT
PRIVACY-RELATED TRAINING AND REGULATORY COMPLIANCE By: Richard J. Bortnick, Esq. Can your small/mediumsized business survive without it? For businesses large and small, compliance with federal, state, and foreign privacy laws and regulations has become an essential obligation. These laws govern a company's collection, storage, use, sharing and disposal of personally identifiable information ("PII"), protected health information ("PHI"), and payment card information ("PCI"). A company's innocent or inadvertent failure to abide by these laws, or its failure to timely and fully disclose how it performs such tasks, can make it a target for regulatory proceedings and civil class actions. These lapses can also be a source of reputational damage. Employment and consumerrelated risks and exposures also have become more prevalent, particularly under the Americans with Disabilities Act ("ADA"). So too, private and public company shareholder suits may loom. In short, the risks are real, particularly for small and medium-sized firms which typically do not have the robust cybersecurity
protections of larger practices to follow: companies. The average cost of a breach was $8.9 million Create and memorialize in 2019. The cost per regulatory compliance breached record was $242 for policies and procedures; PII. The cost per record for PHI was $428. A Deloitte Provide compliance University Press study reveals training to key personnel; that 80% of consumers are more likely to do business Inventory and assess the with companies that have not PII, PHI and PCI collected experienced a privacy event so that you have a record than with a company that has of what is in your suffered one. possession;
So, what do you do? In short, businesses cannot ignore their data security and privacy compliance. While the requirements for each business will be different, there are some general
Update your website home page to comply with applicable laws; Address nondiscrimination issues to provide consumers with the right to equitable
