9. If Third-Parties Request Personal Data — How to Respond

U.S. Legal Requirements

Federal and state laws require businesses to take steps to prevent personal information from being obtained by "unauthorized" individuals, and to alert consumers, and the government, if "unauthorized" individuals access and/or acquire that information.

As a result, businesses must ensure that they only release information to "authorized" third parties.

Only 28% of small businesses provide training to employees about Internet safety and security.

Source: 2012 National Small Business Study, National Cyber Security Alliance, Symantec, & JZ Analytics.