Welcome to MichiganPrivacy.com, the web home of Privacy Compliance Consulting LLC, a Michigan company based in Chelsea, Michigan. Privacy Compliance Consulting provides consulting services on the following core privacy and data security statutes and regulations:
· Michigan Identity Theft, Data Breach and Social Security Number protection laws
· FTC Data Safeguarding and Disposal
· FTC Unfair Practices in Data Handling
· Gramm-Leach-Bliley (GLB)
· State Data Breach Notices
· Federal unsolicited email regulations (CAN-SPAM)
· Fair Credit Reporting Act
· Federal Trade Commission (FTC) Red Flags Rule
More information on the services provided by Privacy Compliance Consulting LLC is contained in the Services tab.
Below is an overview of the regulatory impact that state and federal data safeguarding requirements have on the typical small business.
Introduction
Business records frequently contain personal information on employees, customers or your clients' customers. Social security numbers, state driver's license numbers and health insurance card numbers are examples of personal information favored by identity thieves. If your records contain personal information, then legal, business and public relations risks dictate that a prudent business implement and maintain reasonable security measures to safeguard the information. The level of protection you need depends on the complexity of your business and the laws that govern it. Privacy Compliance Consulting provides services aimed at helping businesses reduce exposure due to noncompliance with privacy and data safeguarding laws.
Background
In the last ten years, there has been increasing legislative activity in the data safeguarding regulatory environment. This has resulted in a large number of state and federal statutes and regulations that dictate standards for collecting, using and disposing of personally identifiable individual information. Publicity surrounding the personal impact on individuals who have fallen prey to identity theft has been the driving force for the legislative activity. Access to personally identifiable information is at the core of identity theft, and most businesses maintain records that contain the raw materials necessary to commit it. Requiring businesses to protect company records that contain personally identifiable individual information, as a means of reducing identity theft, is the purpose of much of the legislative activity.
At last count, 44 states, including Michigan, have passed laws governing data breaches involving personally identifiable information (PII). The federal government has also passed a number of statutes and regulations governing the use, protection and disposal of PII. The Federal Trade Commission (see Links) is taking the position that failing to use reasonable security measures to protect PII is an unfair practice. This position is likely to be adopted by state regulators in enforcing state laws governing unfair practices. Private litigation claiming damages in connection with identity theft may also be a concern in your jurisdiction.
Change in Business Risks
In the past, the primary business risks associated with a breach of company records were the internal administrative costs to restore any lost or corrupted records, business interruption losses and the impact that lost confidential information had on competitiveness. Today, however, the pervasiveness of identity theft, along with state and federal information safeguarding requirements, has increased the small business's risk of monetary loss from administrative and/or private enforcement actions based on a breach of PII. In addition, the quality of your information security program may determine whether a client is willing to use your firm, especially if a transfer of the client's customer data is involved.
The need for, and sophistication of, an information security program depends on the type of personal information contained in your records. If you use or maintain PII on individuals, such as employees, customers or clients' customers, you need an information security program (ISP) to comply with data safeguarding requirements and to minimize damages in the event of a data breach. An ISP is a set of programs and policies that, viewed as a whole, safeguard your company records regardless of the medium on which they are stored. ISPs are nothing new; most businesses have historically implemented ad hoc security measures to restrict access to, and protect, confidential business records. To minimize legal, business and public relations risks, however, an ISP should be in writing. The content of an information security program depends on the laws that govern the information you possess and the contracts you have signed with clients.
How PCC Can Help You
One of the services provided by Privacy Compliance Consulting is the design of ISPs that meet state and federal compliance requirements and, with a detailed maintenance log, can be audited by third parties. The elements included in each ISP are discussed under the Services tab.
Additional services provided by PCC are discussed under the Services tab.