7700 North Kendall Drive, Suite 607, Miami, Florida 33156   |  

Understanding Data Privacy Laws as a Small Business Owner

When conducting business, how do you gather sensitive information, and what sensitive information do you gather? This could include, for example, any of the following:

  • Social security numbers
  • Addresses
  • Full legal names
  • Email addresses
  • Passport numbers
  • Driver’s license numbers
  • Vehicle registration numbers
  • Dates of birth
  • Log in credentials
  • Credit card numbers
  • Personal health information

Both federal and state laws govern how a business owner must handle sensitive and personal data. In addition, any business working with citizens of the European Union (EU) must comply with the General Data Protection Regulation (GDPR), in effect as of May 25, 2018. These laws cover any information that may be used, alone or in combination with other data, to identify, contact, or locate another person. At Portuondo Law Firm, we offer business legal consulting, including guidance on how to handle sensitive information.

Identify What You Have

Data Privacy LawsTake a few minutes to identify the types of information you gather during the course of your business. Consider both digital and paper files. Do you use a fax machine? Mobile devices? Does your business have sensitive information on flash drives? The first step, but not the only step, is to identify what you have and where you have it.

Identify What You Need

Sometimes, businesses gather certain data because they have always gathered that data. Take a moment to review client intake forms, ordering forms, or other forms where you gather data and determine whether all the data gathered is truly necessary. For example, while you may need proof of age if you are selling alcohol or tobacco products, do you really need someone’s date of birth before you provide them with office software management programs? Perhaps it is time to streamline your forms.

Secure What You Have

Most companies continue to have a combination of paper data and digital data, although more and more businesses are moving to a digital only practice. Physical data can be secured in a locked room. However, you should ensure a limited number of people have access to the data, and those employees should be identified. For electronic data, take the time to explore data storage methods. Data sent over the internet or stored on computer networks should be encrypted.

Dispose What You Don’t Need

There is no need to hang on to sensitive or personal data you don’t need. How you dispose of it, however, is critical. For example, the Federal Trade Commission has disposal rules for data derived from consumer reports. Other data may be burned or shredded. If you have data on a computer, there are methods of wiping the data, thus safely eliminating it from your system.

Looking for Legal Assistance?

If you are a small business owner, consider consulting with Portuondo Law Firm. Just as you have your client’s back, let us have yours. We can assist you in offering general business consulting about such matters as data privacy laws, as well as your other business needs. We are happy to review your data practices and assist in developing data practices policies to protect your customer’s information, and protect you, as well.

Contact Portuondo Law Firm to discuss your business needs. Together we can craft a plan that works for your business, allowing you to focus on what really matters – growing your business. We look forward to working with you.




The information you obtain at this site is not, nor is it intended to be, legal advice. You should consult an attorney for advice regarding your individual situation. We invite you to contact us and welcome your calls, letters, and electronic mail. Contacting us does not create an attorney-client relationship. Please do not send us any documents to review or confidential information until such time as an attorney-client relationship has been established.

The following two tabs change content below.

Marisa Portuondo

Latest posts by Marisa Portuondo (see all)

%d bloggers like this: