As we have reached the 4th quarter of 2015, many companies are actively planning for the next calendar year. In the last 12 months, privacy law has become a “front burner” issue for many companies. If your company hasn’t drafted privacy policies yet or if you haven’t reviewed your existing policies in the last 12 months, now is the time. The national media has provided vivid headlines that tell the tale of what happens if you don’t focus on privacy law in your company.
Forbes – The Target Data Breach is Becoming a Nightmare
Fortune – Home Depot Faces Dozens of Data Breach Lawsuits
New York Times – Comcast Agrees to Pay $33M in California Privacy Breach
Every company should have three key privacy policies: (1) a website privacy policy tailored to the data possession and use in your business through your company’s website; (2) a company privacy policy addressing internal data possession and use in your business by your employees; and (3) a data breach response plan that provides a structure for your company to follow in the event of an internal or external data breach. A focused and well-orchestrated approach to your company’s privacy policies will help mitigate the risk – and your potential liability – associated with the mishandling of private information of either employees or customers.