b'Data Privacy continued from page 15including Connecticut, Hawaii, Louisiana,flexible, match your business model, andlaptops, even when not connected to the North Dakota, and Texas. address any risky behavior on the behalfcorporate network.of employees.If you are doing business Given the current privacy law environment,in California, be sure that your program7.Consider Cybersecurity businesses must take appropriate steps toaddresses each of the recommendationsInsuranceprotect data.To be effective, businessesfrom California Attorney Generals 2016 should understand that data protectionData Breach Report. Depending on the needs of your business, must permeate all aspects of the businesssize, and risk associated with your business, and each business, no matter what size,5.Employee Training consider obtaining a cybersecurity should have an effective privacy program.insurance policy to round out your data The following, although not an exhaustiveOnce youve developed your program,privacy program.If you do purchase a list, discuss how to develop and access youryou need to train your people, train yourpolicy, be sure that you understand the data privacy program. people, and then train your people somecoverage and reporting requirements.more.Your employees must know what 1.Leadership Buy-In behaviors they should avoid every dayData privacy legislation in the United whether they are sending emails, printing,States will continue to evolve in the coming The place to start developing an effectiveuploading documents to the cloud, usingyears.As we see more state legislation privacy program is at the topexecutiveother portable devices, etc., and they mustand potentially legislation at the federal-leadership must make data security abe reminded often. level, businesses of all sizes must make priority.Furthermore, leadership mustcompliance with privacy laws a top priority. be prepared to dedicate the resources6.Address Loss Prevention The worst thing a small business can do is to necessary to develop a strong dataignore the various privacy laws, assuming security program.Leadership buy-in isIn2019,theVerizonDataBreachit does not apply to them.also necessary to cultivate a culture ofInvestigation Report showed that 43% data security. of data breaches involved small businessIf you have any questions about data privacy victims with 10% of data breaches in theissues, please do not hesitate to contact 2.Where is Your Data? financial industry.The Report also showedLeslie Baird at lbaird@wrightlegal.net. the 34% of data breaches involved internal As you develop or assess your data securityactors. Disclaimer: The above information is program, you should understand whereintended for information purposes alone your data is stored and what types of dataYour privacy program must include someand is not intended as legal advice.you store.You should also consider howkind of data loss prevention that will accessible and sensitive your data is. enable you to monitor and control theLeslie Baird is an Associate Attorney at transfer of your data from desktops andWFZs Utah office.3.Monitor Your DataYou must understand where your data is going, who has access to your data, and how that data is being used.You should also consider the sensitivity of your data and evaluate how the varying levels of sensitive data is being used and/or communicated.4.Develop and Assess Your ProgramYour data privacy program should be constantly evolving as you continually develop and assess your data security needs.It is important to develop policies and procedures to address data security, regulatory compliance, and intellectual property issues.These policies should be Page 16Spring 2020Points of Interest'