Privacy and security continue to be critical considerations for all businesses.  While such concerns in the healthcare industry have received a lot of attention over the past years with the increasing requirements under the HIPAA Privacy, Security and Enforcement Rules, every business must carefully consider privacy and security of and its customer's information.  Businesses should consider the following items in designing their policies and procedures to protect valuable or sensitive information:

  1. Is the business regulated by one or more statutory regulatory requirements?  A business must consider not only the laws of the United States but also potential international requirements. By way of example but without limitation, the European Union Data Protection Directive may need to be considered depending upon the business activities of the business.  
  2. Is any of the information privileged under common law and/or specific state laws so it may not be divulged?  
  3. Does information include trade secrets that must be maintained? There are many requirements in order to assert confidentiality of a trade secret including, but not limited to, treating such information as confidential.
  4. Is the business subject to confidentiality agreements?
  5. What information should be protected as a matter of sound business practices?