Organizations that collect, store and use personal information are subject to a wide range of legal obligations. The term “personal information” is generally defined broadly to include information about an identifiable individual. These obligations are even more stringent when the information in question is considered “sensitive”, such as medical or financial information. This patchwork of administrative processes and laws can be difficult to navigate. Many organizations have not done audits to ensure that their practices are up to date and compliant with current obligations.
Even organizations that have put in place all the appropriate structures and procedures can encounter difficulties sorting out their responsibilities when an event such as a data breach occurs. A data breach is not limited to a technological compromise of an organization's digital information systems; it can consist of other types of information disclosure or risk. Sending a letter to the wrong addressee or improperly disposing of paperwork can also trigger obligations. Determining what constitutes a “real risk of substantial harm” is not always a simple task.
Robert Dunn has earned a certification from the International Association of Privacy Professionals in this often complicated and changing area of law. Dunn Law can help you navigate these issues with services ranging from comprehensive assessments of current practices to assistance in dealing with a specific breach or other issue.
