If you do any amount of business online, then you are probably covered, to one extent or another, by stringent new privacy laws that are designed to protect the consumer. These laws may apply to you whether you are a B2B or B2C trader, especially if you transact any business overseas with clients who are in the European Union. Are you sure that you are as protected as possible in this situation, and what should you do if you happen to fall foul of the regulations?
Dealing With Valuable Data
Some business owners do not fully understand the challenge and may not realise that even the smallest amount of information is personal and needs to be treated with care. They may retain a prospect's email address in order to send them some offers in the future or to try and tempt them to become a customer in time, but this information by itself could be potentially valuable to others. Hackers may be particularly interested in harvesting some of the email addresses and other information related to some of your online contacts, and if you don't have a system in place to watch over this data, you could be liable.
Notifying of a Breach
Regulations now exist to force some companies that engage in business online to notify their local regulator should any of their data be compromised. They will need to ensure that they had safeguards in place to try and avoid the situation, but most importantly, they must ensure that they notify their regulator on time. Some fines or other penalties could be levied simply due to a delay in notification, although this issue may be more relevant to companies that are larger than a certain size. In this case, the Australian Information Commission will want to know if a business with a turnover larger than $3 million were to suffer a data breach.
You may also need to tell any visitors to your site that you intend to gather some information from them automatically by using cookie technology. While much of this 'magic' may happen behind the scenes and without your direct input, you should notify all your visitors of what is about to happen.
What to Do Next
Rules do vary from country to country, and it is difficult to know exactly what to do. Still, if you feel that your data has been compromised or if you have received a notice of infringement, then you should talk with a commercial lawyer as soon as possible for their advice.