Why Organizations Should Care About Personal Information Privacy Beyond Comprehensive Privacy Laws: Reason 4

5-week Privacy Law Series

Reason 4 – Consumer protection and common law liabilities.

In addition to specific privacy laws, businesses must be aware of avoiding practices that could mislead or deceive individuals or that are otherwise unfair in relation to individuals. The Federal Trade Commission (FTC) is a federal government agency that works to prevent fraudulent, deceptive and unfair business practices. There is a risk of action not only by the FTC for failure to properly protect individuals’ personal information, but possibly by state enforcement agencies such as Attorneys General or consumer protection agencies. Also, there is the possibility of lawsuits by individuals, both consumers and employees, for failure to properly protect their personal information from improper disclosure. A common law lawsuit for simple negligence is a real possibility. In one case employees were able to maintain a suit against their employer for failure to protect their personal information from hackers.

And it isn’t just hacker risks that could lead to lawsuits. Businesses often share personal information with companies processing that information on behalf of the company, such as web hosts, data centers, payment processors, payroll processors, and customer relationship managers. Failure to have an appropriate agreement in place to protect the personal information they process could lead to a lawsuit by individuals whose personal information is improperly accessed, used or destroyed, for example.

Check back next week for Reason 5 – Things change