In response to the increased collection and use of private information, federal and state governments enacted a plethora of laws, rules and regulations to protect private, personal and business information. While there is no comprehensive statute, rule or regulation addressing what personal information is or is not protected from disclosure and misuse, a common theme is the protection of healthcare, financial and insurance information. With the competing interests of freedom of government information and the business benefits from information use, you must remain diligent to ensure that your business adequately protects the private information it collects.
The bulk of the privacy protections and security requirements address what governments can and cannot collect and what they can and cannot share with third parties and other government agencies. Besides issues of national security, protected information often includes healthcare, finances, government benefits and taxes. These restrictions often compete with the desire for transparency in government, the increasing breadth of freedom of information laws, and sunshine requirements that enable citizens and businesses to obtain substantial amounts of information from government records.
Privacy protections also effect the information gathered and used by your business, imposing duties and obligations to protect and preserve private information from inappropriate use and disclosure. The protected information usually involves healthcare, medical, financial, insurance and other private information obtained from patients and customers. Social security, bank account, credit card and other identification numbers that you obtain for the purpose of your business must not only be held on confidence, but you may be required to demonstrate that you have adequate safeguards in place to prevent unwarranted disclosure or improper use.
Adequate safeguards and protections depend on the particular information, methods of accumulation and storage, and your industry or profession. They range from limiting access to computer data to the use of offsite lock boxes. Employees should be instructed on the obligation to protect and keep customer, patient and third party information obtained by your business confidential, and employee policies and handbooks should address the obligation to protect confidential and private information. The misuse of or failure to protect private or confidential information could result in the imposition of substantial damages and penalties on your business.
At Brooks, Tarulis, Schaffer & Tibble, LLC we can advise you on the requirements and needs for the protection of private and confidential information obtained and maintained by the business. If we can assist you in this matter, please contact me.