In this high-technology world, buying and selling occur almost everywhere, and people are concerned about their data privacy. As a business, you're expected to keep consumer information private, and there are strict consequences if you don't.
While federal regulations dictate how you store and handle private information, Maryland also has its own regulations. Chances are high that, if you comply at the national level, you also comply with the Maryland Personal Information Protection Act (PIPA).
What is PIPA?
Increased cybersecurity attacks may cause business owners to worry. PIPA was first enacted in 2008 and was amended in 2019. It applies to any Maryland business that stores consumer data and requires that a company take reasonable actions to protect that information.
A data breach occurs when your business is hacked and customer information is exposed as a result. Under PIPA, consumer information includes the name or initials and at least one of the following:
- Personally identifying numbers
- Account numbers
- Personal health information
- Biometric information
PIPA outlines how this information is collected, managed, and used. Of course, there are other reasons to keep this information secure, including the reputation of your business and your relationship with customers.
What consequences could you face?
Even an enhanced security system, like multi-factor authentication, can be hacked. In that case, PIPA requires some action. In the event of a data breach, PIPA dictates that you:
- Inform the consumer within 45 days
- Launch an investigation
- Detail what information was compromised
- Educate consumers on how to protect themselves
Ensure your business and clients are protected and that you are in regulatory compliance. A security breach is as tough on a business as on the affected consumer. Violations of PIPA can result in fines and criminal offenses.