When food and beverage companies think of their largest risks, data breaches have not historically come to mind, but this is changing because of reports in the past few months of major breaches by companies such as Noodles & Company, Albertsons, Supervalu and Cicis Pizza that have impacted hundreds of stores. The vast majority of states have laws that require notification to individuals and government entities if personal information in electronic form, such as bank account numbers, credit card data, Social Security numbers, and email addresses and passwords, are acquired by unauthorized individuals. The federal government is also actively enforcing data privacy and security laws. For example, the Federal Trade Commission (FTC) is committed to protecting consumer privacy. The FTC brings enforcement actions against businesses that do not comply with statements made to customers about how their data will be used and disclosed. The FTC has advised businesses to collect only the data they need, maintain it safely and dispose of it in a secure manner. Restaurants and other companies that maintain websites that may collect information from children must also conform to the Children's Online Privacy Protection Act (COPPA), which is also enforced by the FTC.

Businesses can take a number of measures to protect the data they hold. A thorough and accurate analysis of the information an organization maintains, how it is used and disclosed, and the potential risks to that data is a good first step. To preserve confidences and privileges to the extent feasible, your counsel should be involved early in this process. Once risks are identified, it will be important to take proactive measures to mitigate those risks and protect against security incidents and data breaches. Mitigation should include policies and procedures, as well as training of those who have access to personal data. Responding to data breaches can be extremely expensive, so preventive measures, as well as appropriate cyber liability insurance, can be invaluable for protecting a business. Cyber liability insurance varies radically in scope of coverage and value; therefore, it is wise for organizations to have their coverages reviewed by a specialist. Taking reasonable steps to protect personal data is critical for any business that handles this type of personal information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.