Skip to main content

Data Breaches: Know Your Corporate Responsibilities

Data Breaches: Know Your Corporate Responsibilities

It seems that every week or two there is another news story about how a company has breached their customer's data. Customers can hold the company liable for these breeches so it is imperative that businesses be proactive in protecting sensitive information belonging to their clients. The United States Congress has enacted stiff laws for companies who fail to protect information provided to them.

How Some Companies Have Breached Data

Companies need to value their customers' personal information. In recent cases, companies have been found guilty of not shredding sensitive documents, sending out personal information in mass emails and providing links containing personal data to the wrong people.

Data Breach Law in Utah

Utah Code Ann §§ 13–44–101 is the law governing data breaches in Utah. It says that any person who owns or maintains a computer system where personal information is stored can be held liable if a data breach occurs. Personal information includes the person's name including first initial and last name, social security numbers, financial account information, driver's license numbers or state identification numbers.

Unless law enforcement asks for a delay, Utah law says that all people involved must be notified immediately. The notification may be done by sending a letter to the last known address, email, phone calls or contacting the media. If a person or company has been found to be in violation of the law, then they can be fined $2,500 per violation up to $100,000. Furthermore, consumers have the right to take companies to torte court.

Companies Must be Proactive

Being proactive is the best way to protect yourself and your company. A written policy should be in place outlining the proper use of personal information collected from customers or potential customers. Strong safeguards must be put in place to protect information stored on company computers and within the company's physical locations. The only data that should be stored should be those facts important for the operation of the company. Furthermore, access to the data should be extremely limited with safeguards being in place to make sure that third-party vendors cannot access the data.

If you own or operate a business, then it is essential that you protect your customer's data. Taking steps now can pay huge dividends down the road if problems try to rise. Contact T.R. Spencer Law Office PPLC. who can help you be compliant with this Utah state code.

Utah, data breach, data protection