In today’s data driven market, traditional business practices are evolving. The transition to the digital era has made it possible for businesses to collect large volumes of information about consumers. The information collected may vary depending on the size of the business, the product they offer, and data collection policies. However, some of the information typically collected includes:
- Demographics– Collected to establish demand for a product, and assess consumer wants and needs. Demographics may include age, gender, location, relationship status, sexual orientation, religious beliefs, income, family size, and employment.
- Personally Identifiable Information (PII)– PII refers to social security numbers, tax ID, drivers license, digital signatures, credit/debit card numbers, PIN codes, addresses, phone numbers. Or any other sensitive information about employees or consumers.
- Online trends– Businesses often track information about their website visitors. The information includes other sites they’ve visited, online searches, purchases, social media accounts etc.
Due to the sensitive nature of some of the information collected, and the increasing number of cybercriminals looking to steal it. North Carolina passed the Identity Theft Protection Act of 2005. The act is comprised of a series of broad laws that serve to prevent identity theft, and safeguard the privacy of individuals. Here’s a look at what’s covered under the act:
- Social Security Number Protection– To prevent identity theft, businesses are forbidden from sharing, printing, selling, leasing or trading any individual’s social security number without written consent.
- Destruction of Personal Information Records– Businesses that handle the PII of NC residents must have compliance policies and procedures in place for the proper destruction and disposal of sensitive information, and electronic media.
- Protection from Security Breaches- Any business that has suffered a security breach (paper, digital, etc.) is required to provide notice to anyone affected. The notice must include a description of the incident and type of information compromised. A list of steps the business has taken to protect the information from further unauthorized access. Contact information for major consumer reporting agencies, the Federal Trade Commission (FTC), and the NC Attorney General’s office must also be provided.
- Methods of Notification– After a breach has occurred a business must contact the individuals affected by letter, e-mail, or phone.
Penalties for Violation of the Act
A violation of the Identity Theft Protection Act could result in an investigation by the attorney general and a hefty fine of up to $5,000 per incident (or three times the cost of the damage).
The regulations covered in this article are for information purposes only. Not all security breaches are the same and other steps or regulations may apply.
Be Proactive with COR365 Information Solutions
NC data privacy regulations protect the sensitive information of businesses and the consumers they cater to. Violating the act could tarnish the reputation of a business and may jeopardize the future of a company. As an information management company, we offer a wide range of services to help businesses in manage and protect information. From Enterprise Content Management (ECM), breach protection, data entry, tape vaulting and document scanning and imaging. To microfilm digitization, information governance, record storage and document shredding. We have all the tools needed to increase security and support the growth of your company, and ensure your business is compliant with HIPAA regulations.
To learn more about our services fill out a contact form and one of our representatives will reach out shortly.