4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why You Should Pay Attention to Data Security Notifications


If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn’t even stop there--any vendors or partners you deal with are also in danger of hacking attacks.

The Equifax breach, which resulted in 143 million records being stolen, has many people concerned about their data security and data breach notification laws--and rightfully so. One of the biggest points of contention with the Equifax breach was that it took so long for them to notify the public following the incident. We’re not here to argue the ethics of Equifax’s decision to withhold information on this breach--we just want to make sure that you understand the technicalities behind why it was acceptable for them to wait before notifying their customers.

State Laws
At the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so.

Another issue is that these laws are specific to each state, with no unifying standard, so they can differ considerably from state to state. For example, New York’s law demands that notification of a breach should be given as soon as possible and without any unreasonable delay. Wyoming’s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida requires notification within 30 days.

These notification deadlines aren’t necessarily steadfast, either. Did you notice how each of them allows companies to delay notification if there is a valid cause? Depending on the state, there may be various reasons for delay in notification. For example, criminal investigations and national security are both perfectly valid reasons to keep a notification of a breach delayed.

Federal Laws
While there is no data breach law on the federal level, there are various industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways.

Due to Equifax being a financial institution, it’s expected to hold fast to the standards put into place by the GLBA. Since the GLBA doesn’t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong--even if they should have been morally obligated to inform users as soon as possible.

Notification deadlines are not the only thing that differs from state to state; other aspects of data security law vary by industry and between the state and federal levels. Every state has different policies regarding who the laws affect, what exactly defines a breach, who must be notified, how they must be notified, how the laws are enforced (and violations penalized), and who is exempt from the law.

If you need to know more information about the data breach notification laws of your state, the National Conference of State Legislatures offers current laws for each state. Your business needs to know how it will be affected by a data breach. To learn more, reach out to 4IT at 305-278-7100.

 
