The exchange of cash for payment for a goods or services is rare these days. We have certainly become a digital society. Business make advances daily to make transactions more efficient and convenient. However, businesses engaging in e-commerce must not compromise security for expediency. Additionally, businesses store infinite amounts of personal data about their customers. These businesses, such as health care providers and health insurance companies, not only must safeguard their electronic transactions but must also secure sensitive information and proactively combat data breaches. Failure to do so can lead to a huge economic loss for the customers and the company. The savvy business attorneys at Structure Law Group, LLP advise businesses on the best practices to prevent data breaches and counsel them on the necessary steps to take if such an unfortunate event occurs.
In California, people have a constitutional right to the safety and integrity of their personal information. California’s information security act defines personal information as any information that could identify or describe a person. Personal information is also an individual’s name, address, social security number, license number, medical information, and the like. A business in possession of such information must take reasonable steps to prevent disclosure of private information. California law obligates businesses to implement security measures reasonably designed to protect the integrity of the private information. Every business entity, from a sole proprietorship to a multi-national corporation is subject to the information security act.
California law broadly defines “data breach.” Data breach includes any “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.” The information may be used in good faith for the benefit of the person whose information is disclosed, provided that such disclosure is authorized.