For beauty business news, beauty store owners turn to Beauty Store Business. Beauty business trends, beauty business profiles and more!
Issue link: http://beautystorebusiness.epubxp.com/i/308289
42 June 2014 | beautystorebusiness.com Beauty & The Law become law, it has a number of elements that are in all of the bills under consider- ation. Unless you're going to lobby your congressperson, you don't need to study all the details, but a broad understanding will help your business prepare for any new law. The Personal Data Privacy and Secu- rity Act of 2014 requires businesses to tell consumers without delay after learning of a security breach. If more than 5,000 people are affected—or if the business' database has data on more than 500,000 individuals—the business must also notify the government within 10 days of learn- ing of the breach. Every business that accepts payment by credit or debit card or by check will have a special category of data called "sensitive personally identifi- able information" under the bill. Sensitive personally identifiable information includes a person's first name or initial and last name, together with an account number, credit or debit card number, user name, routing code, security code, access code or password. It also includes the person's name plus two more of the following: (1) a home address or phone number; (2) a mother's unmarried name; or (3) a month, day and year of birth. Sensitive personally identifiable information also includes a social security number, a driver's license number, a passport number or other government-issued unique identification number, a fingerprint or other biometric data, an account number or a credit card number, user name or routing code. The Personal Data Privacy and Secu- rity Act says that any entity that does business across state lines must notify every U.S. resident whose computerized sensitive personally identifiable information has been accessed. The notice to con- sumers must describe the kind of sensitive personally identifiable information was accessed. The business must provide a toll-free number for individuals to call for more information as well as the toll-free numbers of the major credit reporting agencies. If more than 5,000 people have their data compromised, the business must notify the consumer reporting agen- cies and a government agency to be named. The penalties for failing to report a security breach are harsh. Anyone who knows of a breach and knows that it must be reported but intentionally conceals it will face five years in prison if any individual loses $1,000 or more. If this bill becomes law, businesses with sensi- tive personally identifiable information on 10,000 people must have a data privacy and security program or follow standards approved by the FTC. The program must be comprehensive. It has to be designed to ensure privacy of sensitive person- ally identifiable information and protect against "anticipated vulnerabilities." The business must conduct a risk assessment by identifying reasonably foreseeable security problems both inside and outside the business and deciding how likely an attack is and how much damage it might cause. The program has to be designed to control the risks the business identifies. Smaller businesses with less sensitive personally identifiable information can adopt more streamlined programs. Some of the steps are destroying computer disks before disposing of computers and limiting access to authorized users only. Businesses will have to conduct mock attacks to see if their data is vulnerable if this bill becomes law. salonproducts@americandawn.com | 800 627 5839 r$CTDGT2TQFWEVU r5CNQP5JCORQQ6QYGNU r5RC#RRCTGN2TQFWEVU r&GUKIPGT;'PVTCPEG/CVU PREMIER MANUFACTURER & IMPORT DISTRIBUTOR V I S I T U S A T BOOTH #17136 1 3 t h - 1 4 t h J U L Y 2 0 1 4 B e a u t y & T h e L a w 6 1 4 . i n d d 4 2 5 / 2 / 1 4 2 : 4 2 P M 5/2/14 2:42 PM