(a) In this section, “customer” means an individual residing in the State who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service from the business.
(b) When a business is destroying a customer's, an employee's, or a former employee's records that contain personal information of the customer, employee, or former employee, the business shall take reasonable steps to protect against unauthorized access to or use of the personal information, taking into account:
(1) The sensitivity of the records;
(2) The nature and size of the business and its operations;
(3) The costs and benefits of different destruction methods; and
(4) Available technology.
FindLaw Codes are provided courtesy of Thomson Reuters Westlaw, the industry-leading online legal research system. For more detailed codes research information, including annotations and citations, please visit Westlaw.
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.