4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why You Should Pay Attention to Data Security Notifications

Why You Should Pay Attention to Data Security Notifications

If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn’t even stop there--any vendors or partners you deal with are also in danger of hacking attacks.

The Equifax breach, which resulted in 143 million records being stolen, has many people concerned about their data security and data breach notification laws--and rightfully so. One of the biggest points of contention with the Equifax breach was that it took so long for them to notify the public following the incident. We’re not here to argue the ethics of Equifax’s decision to withhold information on this breach--we just want to make sure that you understand the technicalities behind why it was acceptable for them to wait before notifying their customers.

State Laws
At the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so.

Another issue comes from the fact that these laws are state-exclusive with no unifying standards. Therefore, the laws could be very different from state-to-state. For example, New York’s law demands that notification of a breach should be given as soon as possible and without any unreasonable delay. Wyoming’s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida requires notification within 30 days.

These notification deadlines aren’t necessarily steadfast, either. Did you notice how each of them allows companies to delay notification if there is a valid cause? Depending on the state, there may be various reasons for delay in notification. For example, criminal investigations and national security are both perfectly valid reasons to keep a notification of a breach delayed.

Federal Laws
While there is no data breach law on the federal level, there are various industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways.

Due to Equifax being a financial institution, it’s expected to hold fast to the standards put into place by the GLBA. Since the GLBA doesn’t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong--even if they should have been morally obligated to inform users as soon as possible.

Even though there are different notification laws for each state, there are other aspects of data security laws that vary based on both the industry and the state vs federal level. Every state has different policies regarding who the laws affect, what exactly defines a breach, who must be notified, how they must be notified, how the laws are enforced (and penalized), and who is exempt from the law.

If you need to know more information about the data breach notification laws of your state, the National Conference of State Legislatures offers current laws for each state. Your business needs to know how it will be affected by a data breach. To learn more, reach out to 4IT at 305-278-7100.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 20 October 2017
If you'd like to register, please fill in the username, password and name fields.

Mobile? Grab this Article!

Qr Code

Tag Cloud

security Tip of the Week Technology Cloud Best Practices Privacy Microsoft Business Computing Internet software Backup Hackers Hosted Solutions Productivity Business Management Managed Service Provider Malware Google IT Services Business Efficiency Windows Disaster Recovery Innovation IT Support Hardware Workplace Tips Business Continuity Saving Money Computer VoIP Upgrade Windows 10 Miscellaneous Virtualization User Tips Mobile Device Management Mobile Devices Data Server Network Security Mobile Computing Email Communication Network Alert Save Money Microsoft Office communications Quick Tips Going Green Mobile Office Smartphone Social Media Information Technology Smartphones BYOD Office Apps Small Business Health Android Browser Gadgets Operating System Chrome Application Ransomware Outsourced IT Disaster Tablet Firewall Avoiding Downtime Productivity Managed IT Services Managed IT IT Solutions Spam Cybersecurity Risk Management BDR WiFi Mobility Search Data Management Holiday Cybercrime Passwords The Internet of Things Remote Computing Telephone Systems Unified Threat Management Budget Hard Drives Automation Saving Time History Remote Monitoring Hacking Best Practice Apple VPN Vendor Management Facebook Employer-Employee Relationship Recovery Phone System Law Enforcement Proactive IT iPhone Customer Relationship Management Office Tips User Error Collaboration Phishing Password Wireless Technology Hosted Solution Computers Marketing Big Data USB Data Recovery Content Filtering Humor Analytics Encryption Administration Gmail Router Wearable Technology Office 365 Maintenance PowerPoint Data Backup Virus Antivirus Lithium-ion battery Shortcut Social Money Current Events Bring Your Own Device Telephony Printer Point of Sale IT COnsultant Outlook Computer Repair Work/Life Balance Government App Cost Management Audit HaaS Intranet Bandwidth Users Printer Server Data Security Business Intelligence Laptop Windows 8 OneNote Wireless Unsupported Software Social Engineering Education Trending Net Neutrality Cloud Computing Google Drive Save Time Private Cloud Tech Support Paperless Office Identity Theft Benefits Solid State Drive Vulnerability Computer Accessories Data Protection DDoS Flexibility Fax Server Mouse Compliance Workplace Streaming Media Samsung Data Storage Two-factor Authentication Managing Stress Uninterrupted Power Supply Wi-Fi SaaS Excel online currency Emergency Applications Social Networking Politics hacker Personal Information Travel Transportation Update Customer Service Efficency Computer Care Battery Robot Biometrics Retail Virtual Reality Automobile Meetings End of Support Display Network Congestion IT Support Instant Messaging Internet Exlporer Emails Windows 10 HIPAA Augmented Reality Help Desk Internet of Things Entertainment Regulation Ebay Employer Employee Relationship Nokia Sports Computing Worker Commute Sync Branding Operating Sysytem Distributed Denial of Service PDF iOS Data Loss Scalability Managed IT Service Files WIndows 7 Adobe Managed IT Services eWaste Text Messaging Computer Fan Inbound Marketing Safety How To Chromecast Regulations Upgrades Licensing Artificial Intelligence Dark Web Value Twitter Training Screen Mirroring Administrator Cameras User Consultant Surge Protector Colocation Science Hard Drive Television The Blindside Of Company Culture Black Market Cast Virtual Desktop Access Presentation 3D Printing Best Available Touchscreen Bluetooth Windows 10s IT Technicians Uograde Nanotechnology Images IT Security Cleaning ISP Experience Tablets SharePoint Hard Disk Drive Avoid Downtime Root Cause Analysis Keyboard HBO Programming Blogging Music NFL Teamwork best practices CrashOverride Busines Continuity Hiring/Firing IT Management Networking Data storage Near Field Communication data breach Wiring Website Books Word Information Video Games Settings Smart Technology Document Management WIndows Server 2008 Human Resources IT consulting risk management OneDrive Data Breach Windows Ink Running Cable Debate Advertising Legal Amazon Co-managed IT Mobile Device Patch Management Touchpad Reliable Computing Managed Security Google Maps Scam Commerce Bloatware Taxes Lifestyle Software as a Service Supercomputer Electronic Medical Records IT Budget Storage Tutorial Google Docs IT service Reputation Webinar Microsoft Excel Mobile Domains IT solutions File Sharing Youtube Professional Services Microblogging Shadow IT Gift Giving Sales Relocation Buisness Managed Service Provder Webinar