Any company or individual using and / or managing personal information must take all necessary steps (technical and organizational) to guarantee that the information is kept in a secure environment, and must issue an internal protocol indicating all the procedures that shall be followed during the recollection, storage and use of such information.

If security is breached because of improper management or protection, then the responsible company may be held liable, and may be subject to penalties and civil liability for any harm.