We can offer you a reasonable flat fee that would be much cheaper then dealing with a problem down the road.
The Federal Trade Commission has jurisdiction over many consumer-related Privacy issues and has excellent materials and guidance.. Check out
In particular, you should examine the FTC's free guide for small businesses in this area:
Protecting Personal Information: A Guide for Business:
Practical tips for business on creating and implementing a plan for safeguarding personal information.
• The privacy rights of individuals will be respected at all times and every individual will be treated honestly, fairly, and respectfully.
• Protecting individual privacy and safeguarding confidential information are a public trust.
• No information about an individual will be requested, collected or used without their express consent, or that is not necessary and relevant to our self-declared operations..
• Information will be collected, to the greatest extent practicable, directly from the individual to whom it relates.
• Information about individuals collected from third parties will be verified to the greatest extent practicable with the individuals themselves.
• Personally identifiable information will be used only for the purpose for which it was collected
• Personally identifiable information will be disposed of at the end of the retention period disclosed to the subject or required by law.
• Individual information will be kept confidential and will not be discussed with, nor disclosed to, any person within or outside of our business without the express consent of the subject..
• Unauthorized access to individual information by associates or employees constitutes a serious breach of the confidentiality of that information and will not be tolerated.
• Requirements governing the accuracy, reliability, completeness, and timeliness of individual information will ensure fair treatment of all individuals.