For beauty business news, beauty store owners turn to Beauty Store Business. Beauty business trends, beauty business profiles and more!
Issue link: http://beautystorebusiness.epubxp.com/i/103399
Beauty & The Law According to the National Conference of State Legislatures, 46 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands all require notifications if there is a security breach. For the list of laws, see ncsl.org/issues-research/telecom/ security-breach-notification-laws.aspx. It's important to notify customers so you keep as much customer goodwill as possible, and also to avoid stiff penalties that you can be faced with if you don't follow the laws. Looking at Nevada as an example, if you lose unencrypted personal information of a Nevada resident, or if there's a security breach, you must notify the Nevada resident whose data was compromised as soon as possible using the fastest method possible. The notice can be written or by email. But if you don't have contact information, you will have to post a notice on your website and alert major statewide news organizations. If you lose data concerning more than 1,000 Nevada residents, you must also alert the national consumer creditrating agencies. Many states, including South Carolina, have similar laws. However, there are many variations in the laws from state to state. Some states only require notification to consumers if the security breach could significantly harm consumers, while others require notice even if there is relatively little risk of harm. Some require notification to state consumer agencies and attorneys general in addition to the affected individuals. Not all require notice to the consumer credit-reporting agencies. Almost all of the laws impose heavy penalties if you don't follow their notification requirements. MODEL BEAUTY BUSINESS POLICY & PROCEDURE Some states require written data-security procedures. But even if you are in a state that doesn't require one, it's a good idea to have a written procedure so all of your employees know what to do to prevent security breaches and the terrible publicity that can follow. No one can give you a one-size-fits-all procedure for every beauty business because your procedure will have to depend on the size of your business, whether you have a data security officer, what kinds of information you collect from customers, how you store that information, and what states you do business in. Larger businesses should specify by job title who is responsible for each step of the procedure. The model policy and procedure in "A Model Data-Security Policy & Procedure," page 60, is designed to give you a list of practices that might work for your business. If you don't have to and aren't going to follow an element of the model policy and procedure, be sure to delete it from your company's version. If you keep an element in but don't follow it, someone injured by a security breach will probably argue that you were negligent for not following your own standards. FANTASIA ® The Original Creator of Hair Polishers ...can't be Outshined! Insist on only original Fantasia Hair Polishers. A shine so bright... you'll need sunglasses! HAIR POLISHERS • Daily Hair Treatment • Heat Protector • Olive Moisturizer • Color and Chemically Treated Hair • Carrot Growth Serum Fantasia Industries Corporation © 2011 • Made in USA fantasiahaircare.com 62 February 2013 | beautystorebusiness.com You shouldn't delete any element that is required by a law where you do business. A FINAL NOTE The law in this area is changing rapidly— all in the direction of greater security requirements and broader notification in the event of a security breach. It pays to put good security measures into effect to avoid the problems you and your customers could face if there is a breach. This copyrighted article is intended to help make you aware of some of the issues that you may face, but it is not exhaustive and does not constitute legal advice. You should consult your lawyer for legal advice about the particular circumstances of your beauty business. ■ Jean Warshaw is a lawyer in private practice in New York City. She provides advice on business and environmental law. She can be reached at 212.722.2240.