For beauty business news, beauty store owners turn to Beauty Store Business. Beauty business trends, beauty business profiles and more!
Issue link: http://beautystorebusiness.epubxp.com/i/308289
44 June 2014 | beautystorebusiness.com Beauty & The Law No state would be allowed to impose any requirement for protecting personal information. Consumers Union criticized this feature of the bill because it prevents states from coming up with innovative solutions to security threats. While a single federal standard would prevent the states from experimenting, it will also greatly ease the burden on businesses. MINIMIZE YOUR BUSINESS' LIABILITY One legal blogger reported that more than 40 lawsuits were filed against Target in the two weeks after Target announced its data breach. By early February, that number swelled to 70. Several banks have sued Target for the cost of reissuing credit and debit cards and repaying customers who were defrauded. No matter what the outcomes of these lawsuits are, they show what security precautions banks expect businesses to take. For example, Amalgamated Bank sued Target in federal court in Minnesota, where Target is headquartered. Amalgam- ated claimed that Target failed to secure customer data as required by industry standards and Minnesota law because it kept PIN numbers longer than allowed. Minnesota law prohibits merchants from keeping credit and debit card security codes, PINs or the full contents of the magnetic stripe data once the transaction is authorized. PIN debit information can only be kept for 48 hours after authoriza- tion. Target had also allegedly agreed to comply with an industry standard called PCI DSS that spells out security steps for handling credit card information. Amal- gamated claimed that it suffered damages by having to reissue cards and refund thousands of dollars in fraudulent charges and estimated the loss to banks and retailers as a whole at $18 billion. You can protect your beauty business by following any state security laws that apply to you and by following industry security standards. Even if there is no foolproof way to prevent a sophisticated hacker from committing a crime, tak- ing these precautions can demonstrate that your business was responsible in handling sensitive data. The PCI DSS standard spells out precautions, including having an Internet firewall to protect data, strong passwords, data protec- tion, data encryption, virus protection, access only by employees who need to know card data, unique access codes, restricted physical access to cardholder data, tracking all access to the network and card data, and regular tests of security systems and processes. The recent security breaches have been destructive for the businesses and consumers involved. The only good thing to come from these breaches is broad awareness of the risks your business should prepare for and a better under- standing of how you should respond if you're the victim of a hacker. ■ This copyrighted article is intended to help make you aware of some of the issues that you may face, but it is not exhaustive and does not constitute legal advice. You should consult your lawyer for legal advice about the particular circumstances of your beauty business. Jean Warshaw is a lawyer in private practice in New York City. She provides advice on business and environmental law. She can be reached at 212.722.2240. Cosmoprof Las Vegas 2014, Booth #24285 www.beautystrokes.com · email: info@beautystrokes.com · phone: 718-821-5939 %HDXW\6WURNHV ® LVDIXOOVHUYLFHEUXVKVXSSOLHUIURPVWUHHWZDUHWRSUHVWLJH $EUXVKIRUHYHU\DSSOLFDWLRQIURPIXOOOLQHVWUDYHOVHWVJLIWLWHPVYHJDQOLQHVVKDYLQJEUXVKHV 7ULOLQJXDOUHWDLOIULHQGO\SDFNDJLQJ (IÀFLHQWVSDFHVDYLQJGLVSOD\V (FRQRPLFDOO\FRQVFLRXVSULFLQJVFKHGXOH %HDXW\6WURNHV ® B e a u t y & T h e L a w 6 1 4 . i n d d 4 4 5 / 2 / 1 4 1 1 : 0 6 A M 5/2/14 11:06 AM