Any retailer who collects personally identifiable information of individuals online will be subject to a number of laws and regulation about gathering, protecting, and disseminating customer data. It is vital for all retailers, and particularly those doing business online, to have an organization-wide security program. The recommended elements for such a program may vary depending on the company’s size, online sales, and other use of technology. In any case, a retail establishment must internalize and adopt some sort of program to prevent unauthorized access to customer and employee information and to protect itself from liability, should any such access occur. With that in mind, a retail establishment’s organization-wide security program certainly should include the following elements:
Cybersecurity is a constantly changing area that affects all of us on a daily basis. While there is a sense of apathy among those outside of the arena, retail establishments have a legal responsibility to take reasonable steps to ensure that customer information is adequately protected from inadvertent or unauthorized disclosure or unauthorized access. Proper training and policies in cybersecurity practices are essential for all retail establishments.