Data Security Has to Be A Priority For Your Organization


Considering that, since January 1st of this year, upwards of 10 million personal information records have been lost or stolen each day, odds are that you, or someone you know, have had records compromised by a data breach. With such a high incident rate, individuals and businesses that have never received any kind of notification that their records were included in a breach generally consider themselves lucky and assume that they are not at risk of identity theft or unauthorized account usage. Unfortunately for them, that is not always the case.

The fact is that there is a significant chance that your personal or non-public business information has been compromised in some way but, legally, the company that lost your information was not obligated to make you aware of the event. For your own benefit, understanding what your rights are when it comes to data breach laws is the first step in protecting your data. For example, do you know what information is considered ‘personal’? Are there ways that your data could have been lost or stolen but the offending entity was not compelled by law to notify you for some reason? The answer is yes.

Legal Definitions of Personal Information
Even though each state has its own laws and policies regarding data breaches and notification requirements, there is pretty much a consensus on the basics of which elements, or combinations of elements, constitute ‘personal information’ in the eyes of the law. At a minimum, personal information includes:

  1. First name or first initial and last name
  2. One or more of the following elements: Social Security number, driver’s license or state ID number, financial account numbers.

As mentioned, this makes up the foundation of most sectoral legislation on data breaches. Many states go a step further and only consider account information requiring a PIN or password as having been compromised if the required PIN or password was included with the record that was stolen. That is, if the use of a debit card requires a PIN for a transaction, you will not be notified of the data loss unless both your debit card number and the PIN are accessed.

A few of the more progressive states, like North Carolina and Nebraska, include biometrics and fingerprint information as part of their definition of personal information. Similarly, some states, like Missouri, have more specific, detailed laws, limiting the legal maneuverability that comes with ambiguity in statutes.

Even though laws regarding the majority of health and medical information and data policies are covered under the United States’ federally mandated Health Insurance Portability and Accountability Act (HIPAA), a few states do include health-related information in their definition of personal information.

One more thing that some of the state laws regarding data breaches of personal information address is that once a relatively high number of records have been stolen, the information holders must also notify consumer reporting agencies, in addition to the Attorneys General of all states that have affected residents. The number of lost records that triggers reporting to a consumer reporting agency tends to fall between 1,000 and 5,000.

When it comes to sectoral legislation, the current statutes are, in general, skewed in favor of protecting the corporate information holder, as opposed to the individuals that have their information compromised.

  • Encryption: In many states, there is specific language that says that if the personal information was redacted or encrypted at the time of the unauthorized access, then no breach or loss of data has occurred. The laws do not address the policy and notification standards for encryption that is broken post-theft.
  • Questionable Non-Personal Information: Depending on the state, some questionable information might be included as non-personal information. For example, the last four digits of your Social Security number may not be counted as personal information, despite the number of accounts that only require you to confirm these four digits before making changes to your account.
  • Good-faith Acquisitions: Nearly every state lists ‘good faith acquisitions’ as exemptions to the data breach laws. A ‘good faith acquisition’ is defined as a data loss event where the recipient of the personal information in question is employed internally or with a trusted vendor or partner, so the information is considered unlikely to be misused or further exposed. It’s important to note that businesses are not required to notify anyone in the event that the data breach meets ‘good faith’ requirements.
  • Risk of Harm Analysis: About half of the United States has laws that allow the information-holding entity to run a ‘Risk of Harm’ analysis to determine how likely it is that the compromised personal information will be abused or used in unauthorized transactions by the parties that have obtained it, or may obtain it in the future. In the event that the risk of harm is found to be minimal, they do not have to notify the attorney general of the state for which the analysis was run, nor do they need to notify the parties whose personal information was lost.

For most small and medium-sized businesses, a data breach has the potential to be catastrophic, regardless of whether their own information was stolen or their network was penetrated and client records were lost. At BNMC, we can help you take proactive data and network security measures and significantly reduce the chance that your network will fall victim to cybercriminals. Contact us at 978-482-2020.



Thursday, October 18 2018
