Protecting Personal Information


It seems almost once a week there is data breach in the news-Facebook, Experian, Target, Delta Airlines. The list goes on and on. San Jose business owners have a legal obligation to protect their customers’ personal information (also called Personally Identifiable Information or PII). Every business, regardless of the size, should have a privacy policy and measures to safeguard PII. This is especially true if your business collects user information online or stores sensitive employee information.

What is Personally Identifiable Information (PII)?

PII is any information that can be used to identify an individual’s personal identity. There are many definitions, but most often the following list is considered PII:

  • Name
  • Email address
  • Phone number
  • Social security number
  • Credit card information
  • IP address

PII does not include information such as employment status, marital status, or gender. Your business can gather this information anonymously without linking it to PII.

What are Your Business Obligations in Protecting Personal Information?

Various laws require businesses to safely use, store, and collect PII. The failure to this can result in fines and other sanctions. Depending on your industry, there are some specific laws to be aware of:

  • Children’s Online Privacy Protection Act (COPPA): This law limits the collection (and use) of children’s personal information for children under the age of 13.
  • Gramm-Leach Biley (GLB): This law governs how financial institutions must handle, store, and process private financial information.
  • Health Insurance Portability and Accountability Act (HIPPA): Most of us are at least familiar with HIPPA by name. Every time we go to a medical appointment we are asked to sign a HIPPA release. A portion of the law (it does other things as well) obligates those who collect confidential health information to safeguard it to certain standards.
  • Different states might also have state-specific laws governing the collection and protection of PII.

Even if your San Jose business is not related to healthcare or a financial institution you are obligated to protect all PII. This includes the collection, storage, use, and dissemination of all PII.

Using a Privacy Policy-Protecting Personal Information

There are steps that you can take to ensure you are protecting PII. These might include:

  • Evaluate your business process and methods to determine if you have PII and how you currently handle such information. This includes both information on employees and customer information you may collect.
  • Identify which laws you might be subject to follow.
  • If you collect information from customers (or the public) identify how you communicate your policies to them.
  • Include links to your privacy policy on your website. Revise as necessary. If you do not have a privacy policy, begin the process of developing one and using it.
  • Implement new policies for how to safeguard, store, process, disclose, and dispose of PII.

Contact a San Jose Intellectual Property Attorney Today

Obligations surrounding PII are not going to go away. If anything, they will continue to be under more and more scrutiny due to large-scale data breaches in the media. At Structure Law Group our experienced intellectual property lawyers can assist in evaluating your business privacy obligations and help you draft a privacy policy. Contact us online or call us today at 408-441-7500.