Is Your Business Required to Safeguard Client Data?

Many businesses are unaware that they are required by law to protect client data. These requirements have been implemented on a growing number of professions, including financial service professionals, attorneys, healthcare professionals, and more. If you provide professional services and store client data, it is likely that you are required to safeguard consumer information through concrete data security measures.

This article will help you determine your business requirements as provided by law. Failing to implement data security measures could lead to severe financial and legal consequences. If you wait to implement security measures after you experience a data breach, it is certainly too late. Proper security measures require careful considerations prior to the occurrence of a data breach.

Data Security

As most professions rely on storing client data electronically, lawmakers continue to establish and enforce regulations on how businesses are required to keep client data safe.

It is important to note that regulations, safety measures, and penalties vary between professions.

The Gramm-Leach-Bliley Act, for example, focuses on the financial services industry. This act requires financial institutions to explain their information-sharing methods to their customers and to protect sensitive data. The term financial institution includes any business that engages in financial activities, including banks, mortgage brokers, lenders, insurance companies, tax preparers, real estate appraisers, and other similar professions in the financial services industry.

Bottom line: even businesses that do not normally describe themselves as “financial institutions” may be required to abide by this data protection requirement.

Similarly, the American Bar Association’s Model Rules of Professional Conduct require lawyers to make reasonable efforts to block the unlawful or inadvertent disclosure of, or unauthorized access to, information connected to the representation of a client.

Healthcare providers are also required under the HIPAA Security Rule to maintain reasonable and appropriate technical, administrative, and physical safeguards for guarding electronically protected health information (e-PHI).

For professional businesses that fail to safeguard client data, businesses may face serious legal and financial consequences. Gramm-Leach-Bliley penalties include imprisonment and/or fines up to $100,000 per violation by a given business, while officers and directors may face individual fines up to $10,000 per violation. Attorneys may face severe consequences for violating ABA rules, including restitution, suspension, and disbarment. HIPAA violations may result in fines ranging from $100 to $50,000 per violation depending on the circumstances.

Regardless, whether or not you are required to have security measures in place, it is simply good practice to protect client data as best as possible to avoid any potential threats to your professional business. The trend continues throughout nearly every profession because of the importance of sufficient data protection. As data breaches continue to grow throughout all industries, the importance of safeguarding client data has never been more important.

For more information in determining whether your business is required to protect your client data, please give Vernon Litigation Group a callWe are more than happy to serve you.

Vernon Litigation Group represents businesses and individuals throughout the United States who have financial disputes, including FINRA arbitration, cyber litigation, securities litigation & arbitration, financial advisors & employment disputes, and business & commercial litigation.

For more information, contact us at:


call: (239) 319-4434.