Related Posts
Best New Years trip for two
male fishies: where do you guys buy your ties?
Additional Posts in Privacy Law
Anyone take the CIPM recently? How was it?
Anyone else dying this week 😅
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.





North Carolina is the only state that protects businesses and considers them “individuals” for the purpose of breach notification.
Coach
Each of those corporate cards is registered to a person. Those people are the data subjects, not the corporate card sponsor.
Coach
How the card is used doesn't impact whether it constitutes personal info... Trying read state definition of personal info subject to breach reporting.
The corporate cards would be tied to the individual cardholder, not sponsor as D1 mentioned.
Usually corporate cards will have the employee’s name and company under it:
John Doe
XYZ, Inc.
Never seen a card just in a business’ name. I would confirm that with the client.
This is likely not personally identifiable information under the state data breach laws and therefore is not a reportable breach.
D1, I can educate you on, but can’t force you to understand what a data breach notification law is.
Have a nice day.
Breach notification laws are meant to protect individuals from prospective fraud. If the card has authorized users on file by the issuer, it may be possible that they could be identified based on the card number, whether or not their name is embossed on it. I would analyze the possibility of identification of authorized users whether the respective state laws tell you to do this or not…for all of the breaches I’ve managed, I’ve always leaned towards side of conservative interpretation and advised notice more then not. Because breaches are so common now, abrasion to reputation has been diluted.