Retail and service industries hold extensive amounts of customer data, some of which may be regulated under state, federal or international privacy laws, or follow the Payment Card Industry Security Council’s Data Security Standard (PCI-DSS). Many retail and service organizations may not even be aware of the personally identifiable information – such as social security numbers and credit card and account information – held on their systems, and data inventories and classifications are necessary first steps for these industries to understand their data compliance obligations.

Most states require notification of data breaches and security incidents across sectors, including breaches by retail and service companies. If your company experiences a breach, you may be obligated to notify those affected by the breach, within a certain time frame and in a certain manner. Octillo attorneys respond to hundreds of data breaches a year, and know nuances of state and federal law data breach compliance. Don’t risk penalization for failing to adequately protect customer data – contact Octillo now.