I will be talking more about this later, but companies and business owners need to be aware that they can be held liable for compliance with laws that they may not even know exist.
This is something most business owners know (and some fear), but what you, as a business owner, may not know, is that you are required to be compliant with laws regarding your use, handling, and disposal of customer and employee information.
As this article snippet from Hometown News (kbtv4.tv) shows, an attorney general, or even individuals, can come after you for a variety of things if you don’t handle customer and employee information properly.
$50,000 per violation may not sound like much, but with a law that is open to interpretation, $50,000 per violation could mean $50,000 per piece of information that was deemed to have been handled inappropriately. The fines per lost record are $500 (but subject to interpretation); this means that even 10 pieces of paper in a dumpster for 10 different individuals could cost this company $500,000 in fines.
A Liberty CVS Pharmacy that is accused of throwing customer records and sensitive prescription information into a dumpster has the company in hot water with the state attorney general. Gregory Abbott cited the company Tuesday after authorities discovered the records that included hundreds of customers' credit and debit account numbers – complete with expiration dates.
CVS is accused of violating the 2005 Identity Theft Enforcement and Protection Act, which requires businesses to protect and properly dispose of documents that include clients' sensitive personal information. Under the law, the OAG has the authority to seek penalties of up to $50,000 per violation.
The office says investigators are now looking to see if any of the exposed data was used illegally.
Additional Note: Tom Fragala made an interesting post about this too called “Shouldn’t the Victims be compensated?”