If My Customer Payment Info Was Breached, What Are My First Steps Legally?
Written on October 24, 2019
Though you may have read news coverage about some of the largest data breaches in the US and around the world, issues involving compromised security are even more common than you think. According to Privacy Rights Clearinghouse, an online resource for privacy education and awareness, there have been more than 10 billion records breached in over 9,100 instances recorded since 2005. Security is a major issue for your customers, which means it’s also critical for you as a Florida business owner.
As such, when you receive the horrible news that payment information has been compromised, you want to do everything you can to comply with the law and retain your customers. After immediate damage control, your first step should be consulting with a Clearwater business law attorney. A lawyer can handle the critical legal issues and assist with such steps as:
Notifying Your Customers:
Under the Florida Information Protection Act of 2014, any company that sustains a breach must notify affected individuals by US mail or email within 30 days thereafter. The legal requirements for the notice are relatively basic, but businesses should go the extra mile when the stolen information relates to customer payment details. Your focus is on more than just compliance with the law; you’re protecting valuable relationships that enable your business to thrive. As such, you should include the following details in your notification:
- A summary of what your investigation has revealed so far;
- How to reach key employees in charge of remedying the breach;
- What information was compromised;
- How the offenders have used payment details, if you know;
- The actions you’ve taken to shore up the security breach; and,
- What you’re offering – at no cost – to protect your customers, such as identity theft protection or credit monitoring services.
Communications with Law Enforcement and Regulatory Agencies:
When a breach hits certain minimum thresholds, you’ll also have legal obligations to notify relevant government bodies. For example:
- If the breach affects more than 500 individuals, you must report it to the Florida Department of Legal Affairs;
- You’re required to alert credit bureaus for an issue that impacts over 1,000 people; and,
- You should notify local law enforcement for any size breach, as officers may be able to assist in apprehending offenders.
Though it’s not a requirement, keeping meticulous documentation can help you with the legal side of a data breach. Your notes can protect your interests if there are questions about how you handled the matter, and they’re also useful in establishing security policies going forward.
Reach Out to a Clearwater Business Lawyer About Your Legal Duties
At Clearwater Business Law, our team is dedicated to providing the essential legal support you need when a data breach or other misfortune hits your company. We have extensive experience representing companies in Pinellas County, FL and the surrounding region, so we’re prepared to handle the wide range of business-related issues faced by our clients. To learn more about how we can help, please call (727) 785-5100 today to schedule a consultation.