New York CPB Offers Guidance on Protecting Personal Information
The New York State Consumer Protection Board has issued a Guide for handling personal identifiable information, which includes names, addresses, financial information, and, most significantly, social security numbers. The Guide urges businesses to identify whether (and why) they have personal information and to limit collection of such information. The Guide also advises firms to protect personal information with physical and electronic safeguards including locking files, encrypting data, using passwords, and limiting access to those who have a need to use. The Guide also encourages educating employees and customers about privacy safeguards and planning a response in the event of a security breach. The Guide also describes New York’s Information Security Breach and Notification Act, which requires a business to notify affected customers and inform appropriate authorities in the event of an unauthorized access to private information.
OUR TAKE: The Guide serves as a good “best practices” document for protecting personal information. It is also a good reminder that the state regulators have an interest in the business activities of participants in the financial markets.