Protecting Customer Information and Brand Reputation in the Digital Age

information securityRecent media attention has highlighted a disturbing trend: information security breaches are on the rise.  These breaches can cost a business a lot of time and money.  They can also result in a loss of customer trust and brand reputation – valuable commodities that are easier to lose than to earn back.  While most businesses try to mitigate the risk of a security breach, many may not be aware of their requirements under Maine law in the event that a breach occurs.   Read on after the jump for more information.

Under Maine’s Notice of Risk to Personal Data Act (“Data Act”), every individual or entity that keeps unencrypted “personal information” in its computer systems has certain obligations.  “Personal information” means any individual’s first and last name, together with another piece of personally identifiable information such as a social security number, driver’s license number, credit card number, PIN, or password.

An entity must do several things if it learns that a breach has occurred:

1.  Promptly investigate the breach;

2.  Notify any Maine resident whose personal information was breached if misuse has occurred or is reasonably likely to occur; and

3.  If the breached organization maintains information for another entity, notify that entity.

Failure to issue notice quickly enough can result in fines.  Further, in addition to these notice and investigation requirements, an organization that experiences a breach may be sued by those affected for negligence or breach of contract.

There are steps an organization can take to avoid these consequences.  All organizations should enact some form of information security system.  Stored and transmitted personal information should be encrypted: the Data Act only applies to unencrypted “personal information,” and encrypted data is much harder to misuse.

These steps will help businesses rest easier, knowing their customer information and brand reputation are secure.  For more information, contact the attorneys at Tucker Law Group.

One thought on “Protecting Customer Information and Brand Reputation in the Digital Age

  1. Wow, this post is good, my sister is analyzing these kinds of things, so I am going to inform her.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s