business LAWYERS invested in you

We take your business as seriously as you do.

Does Big Data apply to the Small Business?

Written by Zana Tomich on January 26, 2016 Category: Creative Services Firms, General Counsel and Advice, Restaurants, Startup Law
Share this post

Big data, or data collection, are buzz words we read or hear about on a daily basis. Some of the world’s largest and most profitable companies, known for their cutting edge technology, search engines, software, and high-demand products are really in the business of collecting, aggregating, analyzing and selling data. It is arguably their most valuable asset, far more worthy than the technology, goods and services for which they are known.

So, what does data collection have to do with the new retail shop or restaurant that collects email addresses, account information, and other relevant information with every swipe of a credit card, and inputs consumer preferences with every order entry in the POS system? Often, these restaurants and retailers are simply using the data to analyze their guests’ activity with their business, send out promotions, newsletters, or other mass mailings. Though not at the scale of the conglomerate “big data” companies, these retailers, restaurants, and service businesses have an interest that is two-fold.

First, they must maintain a system to protect their consumers from identity theft and fraud. Maintaining guests’ privacy and protecting against fraud is not just a good business practice to keep consumer information safe and preserve their business reputation in the event of a breach; it may also be a legal duty under state and federal law.

Establishing and adhering to a Privacy Policy is one step that every company should take in protecting their consumers’ data. The privacy policy should be a public statement as to how the business uses the data it collects, and posted on its website. The privacy policy should be among the business’s key governing documents and guide those who handle data collection. The policy would inform the consumer how their data will be used, whether it will be tracked, or whether it is disclosed to third parties. It should provide for an opt-out provision so the consumer has the choice of how the data is used. Most importantly, the privacy policy should include a plan of how the consumer will be notified of a data breach and what steps will be taken to remediate the problem.

Second, these businesses must protect themselves, and liability for data breaches. Many small businesses use a third-party to administer and collect and analyze their data, (think of the little payment attachment which you swipe your credit card with at the farmer’s market). Be sure the third-party administrator has taken steps to protect the data, and has not pushed off liability to the end user, i.e. the restaurant, boutique, or professional service company, and to make sure the third party is following the laws, regulations and best practices applicable to them.

Consult with an attorney at Dalton & Tomich, PLC to determine what laws apply to your small business and assist you in protecting your business and consumers.

Leave a Reply

About Us


The business and employment attorneys of Dalton & Tomich take your business just as seriously as you do. Attorneys Zana Tomich and Noel Sterett are trusted by closely held family businesses and others across Michigan and Northern Illinois as invaluable partners and counselors. We guarantee all your calls and emails will be returned within one business day so you can focus on what you do best: running your business.