Is Your Business Too Small To Worry About A Data Breach?

Ervin Cohen & Jessup LLP

Part of An Ongoing Series

No, not likely. In fact, even “mom and pop stores” have incurred hefty civil penalties for failing to notify consumers and/or regulators of a data breach. On July 9, 2014, the Vermont Attorney General announced that the Shelburne County Store—a small shop selling homemade Vermont souvenirs—agreed to pay a $3,000 civil penalty after reportedly failing to notify customers of a data breach relating to credit card information.

According to the Assurance of Discontinuance between the Store and the Office of the Vermont Attorney General, in late 2013 Shelburne County Store’s website was hacked, and the credit card information of 721 website customers was potentially compromised. Although the company quickly resolved the security breach once it discovered it in 2014, the Office of the Attorney General stated that the store “made no efforts to notify affected consumers of the data breach, to notify the Vermont attorney general of the data breach, or to notify any law enforcement agency.” It went on to note that “[the Office] will not accept the excuse that a business did not know of its obligations to report a breach,” even if it sells the world’s best melt-in-your-mouth fudge. As a result, the Office collected the $3,000 civil fine.

Under Vermont’s Security Breach Notice Act, amended in 2012, businesses are required to send the Attorney General a confidential notice within 14 business days of discovery of a data breach. The business must also send notice to consumers within 45 days.

California passed the nation’s first data breach notification law in 2003. It requires any business or state agency to notify any California resident whose unencrypted personal information (as defined) was acquired, or reasonably believed to have been acquired, by an unauthorized person. If a business is required to notify more than 500 affected parties, it must also notify the California Attorney General’s Office.

Privacy, Cyber-security, Cyber-crime and Cyber-insurance are some of the fastest-evolving areas in the law and our new digital economy.

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ervin Cohen & Jessup LLP | Attorney Advertising
