Privacy Policies Overview
The notice posted on a business’s website or place of business which typically states:
What information is being collected
How the information is being used
How the information is being protected
How the consumer can access, remove, or request that the information not be collected
Data Mapping is the internal information practice of cataloging:
What data is being collected and from whom
How sensitive the data is
How the data flows within the organization
Who has access and who is responsible for the information
Security procedures come in a number of varieties, but should be reasonable given current security standards, taking into account the sensitivity of the information. For instance, a court could hold that reasonable procedures with respect to medical history are greater than reasonable procedures as applied to storage of names and IP addresses.
An information security aphorism is “there are two types of companies, those who have been hacked and those who don’t know they’ve been hacked”. All fifty states, with California leading the way, now require companies who have released customer data as a result of a security breach to disclose the breach to their customers.