4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why You Should Pay Attention to Data Security Notifications


If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn’t even stop there--any vendors or partners you deal with are also in danger of hacking attacks.

The Equifax breach, which resulted in 143 million records being stolen, has many people concerned about their data security and data breach notification laws--and rightfully so. One of the biggest points of contention with the Equifax breach was that it took so long for them to notify the public following the incident. We’re not here to argue the ethics of Equifax’s decision to withhold information on this breach--we just want to make sure that you understand the technicalities behind why it was acceptable for them to wait before notifying their customers.

State Laws
At the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so.

Another issue comes from the fact that these laws are state-exclusive with no unifying standards. Therefore, the laws could be very different from state-to-state. For example, New York’s law demands that notification of a breach should be given as soon as possible and without any unreasonable delay. Wyoming’s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida requires notification within 30 days.

These notification deadlines aren’t necessarily firm, either. Did you notice how each of them allows companies to delay notification if there is a valid cause? Depending on the state, there may be various reasons for delay in notification. For example, criminal investigations and national security are both perfectly valid reasons to delay notification of a breach.

Federal Laws
While there is no data breach law on the federal level, there are various industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways.

Due to Equifax being a financial institution, it’s expected to hold fast to the standards put into place by the GLBA. Since the GLBA doesn’t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong--even if they should have been morally obligated to inform users as soon as possible.

Beyond the different notification laws for each state, there are other aspects of data security laws that vary based on both the industry and the state vs. federal level. Every state has different policies regarding who the laws affect, what exactly defines a breach, who must be notified, how they must be notified, how the laws are enforced (and penalized), and who is exempt from the law.

If you need more information about the data breach notification laws of your state, the National Conference of State Legislatures offers current laws for each state. Your business needs to know how it will be affected by a data breach. To learn more, reach out to 4IT at 305-278-7100.



Saturday, 17 March 2018