The use of technology in the world of business, including the design business, has exploded over the last 30 years and has provided many wonderful new opportunities.
Unfortunately, too many people have instead taken the information revolution as an opportunity to steal the data that California businesses collect and store and then use that data for fraud, theft or other criminal purposes.
The problem is widespread enough that design businesses in the Bay Area need to anticipate that, at some point, bad actors may try to access their customers’ data and steal it.
They have a legal obligation to take reasonable steps to protect this data and may face litigation if they fail to do so.
After all, much of the data that design professionals retain pertains to personal or other sensitive information that, if compromised, could cause serious financial and other damage to their customers.
If the professional winds up having to foot a large bill for this damage, it could in a worst case scenario ruin their business.
Sweeping a breach under the rug is not an option
Moreover, California law imposes detailed requirements on businesses in this state to report data breaches to customers.
Breaches have to be reported even if there is only a reasonable chance that protected data got compromised and even if it turns out the person who stole the data did no additional harm to the customers involved.
If the breach is serious enough, then the business will also have to notify the California Attorney General, who may in turn elect to impose regulatory penalties for any violations of state law.
Aside from a network of federal and state laws, design professionals may also have other contractual and other obligations to pay careful attention to how they protect their consumer’s data.