Olshan counsel Jonathan I. Ezor recently published an opinion piece in Long Island Business News regarding online privacy and small business. In the piece, Ezor discussed the new Consumer Privacy Bill of Rights published by the Obama Administration, and how small and mid-sized businesses may face greater risks, with fewer resources to address them, with regard to consumer data, as discussed in this excerpt:
While much of the attention over data collection and breach issues goes to huge, multinational companies, the requirements, and risks, apply to organizations of all sizes. Often, smaller companies find it more difficult to comply with privacy rules and best practices than their larger counterparts, both because the smaller firms lack dedicated information technology and personnel resources, but also due to a lack of knowledge about what they must do with the consumer information they collect.
Large media sites may know it is illegal to collect personal information online from children under 13 without their parents' prior consent, but local ice cream parlors may be communicating directly with kids on their websites. The FTC repeatedly delayed enforcing its Red Flags Rule requiring certain companies to identify and fix possible identity theft risks because it knew many businesses had no idea they were subject to its requirements. Smaller IT firms aren't aware that they, not just the (equally unknowing) doctors whose computers they maintain, are liable under HIPAA. These risks are not just from legal enforcement; lax data practices (real or imagined) will scare away customers who fear identity theft and "Big Brother"-type monitoring.
The attorneys in Olshan's Advertising, Marketing and Promotions Law practice group regularly work with clients on implementing best practices and managing privacy risks.