Article
New State Laws Create Challenges for Retailers in Safeguarding Customer Data
Authors
-
- Name
- Person title
- Senior Principal
Retailing Today
by Edwin Lavergne
April 6, 2009
Data security breaches are on the rise, and nearly 20 million American consumers have been affected by identity fraud. In the absence of a federal policy, 45 individual states have enacted laws to safeguard the privacy of their residents. Businesses that collect and store personal information on customers, such as retailers, must comply with a patchwork of regulations that vary from state to state. The stakes are high, since failing to adequately safeguard personal information can result in fines as high as $750,000 and class-action lawsuits for negligence. As businesses scramble to revamp the way they protect personal data, a more comprehensive law is on the horizon. This law will require businesses to implement risk assessment analyses, restricted access policies, disciplinary measures, new documentation practices, and computer security measures. Massachusetts took the lead in this area, with a law scheduled to take effect in May 2009. However, in response to concerns regarding compliance, implementation was postponed until Jan. 1, 2010. This law will affect any retailer that collects data on Massachusetts residents, irrespective of where the retailer is physically located.
The opinions expressed are those of the authors on the date noted above and do not necessarily reflect the views of Fish & Richardson P.C., any other of its lawyers, its clients, or any of its or their respective affiliates. This post is for general information purposes only and is not intended to be and should not be taken as legal advice. No attorney-client relationship is formed.