Burand’s Agency E&O Blog: Tip #36

By | June 19, 2013

Privacy Compliance. It’s not serious until you get caught, right?

The normal individual human reaction to complex laws and laws that defy relatively easy compliance is to acknowledge their existence, give them lip service, and generally ignore them. Complex laws do not often apply to Joe Blow and even if they do, rarely are they enforced. Laws that defy relatively easy compliance often are enforced with minimal enthusiasm.

The exceptions are when a government uses these laws to grab control or make a statement. Small businesses are particularly vulnerable because they have the mindset of the individual but must comply with rules designed for mega corporations and government entities. Privacy compliance is a great example of this. Here are just the major federal laws passed within the last generation dealing with privacy compliance: Gramm-Leach-Bliley (GLB), FACTA, HIPAA, ACA (ObamaCare), and the Red Flag Rules. Just the combination of these laws violates the need for simplicity and adequately easy compliance. A business has to work hard to comply. Whereas “Thou shall not commit murder” is easy to comply with because a person just does not have to murder, complying with privacy laws requires a business to purchase equipment and software, conduct training, and pay for audits.

But non-compliance should not be taken lightly. It is in an agency’s best interest to at least be able to show a good faith effort if charged. At the very least, this means:

1. Physically protecting the data.
2. Electronically securing the electronic data. This has two phases:
  • Stored electronic data
  • Data in the process of being transmitted (encryption and secured links)
3. Training your people to consistently observe the need and the means to protect data.
4. A high quality record retention program.

The penalties if prosecuted can put a small business out of business and few agencies have insurance for these situations (although some policies may be available on the E&S market).
