From the information provided by your vendor, it is not clear whether the Personal Information Protection Act applies, as it applies only to breaches of computerized personal information. 815 ILCS 530/5. We recommend that you contact the vendor for clarification on the type of breach that occurred.
Our electronic payments vendor sent us a notification stating that a customer’s debit card “may have” been compromised. Do we need to notify the customer?
—
by