4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your State Dictates Data Security Notifications… Will You Be Notified?

In the last few months, there have been several high-profile data security breaches that resulted in the theft of millions upon millions of non-public information records. Though much of the focus in the aftermath of the breaches was on personal identity theft and prevention, it’s important to keep in mind that not all of the stolen records belong to individuals. Business entities are also at risk. Vendors and partners that you do business with regularly will probably have a record of your company’s non-public information, payment information, or tax ID number.

In the wake of the major breach of Equifax that resulted in 143 million records stolen, there have been many questions raised about data security and breach notification laws. One of the most concerning issues was the long delay between when the breach was discovered by Equifax and when the public was notified of the breach. To help clarify how data breach notifications work and why it was technically acceptable for Equifax to wait as long as they did before notifying their customers, there are a few things you should know.

State Laws
Only 47 out of 50 states currently have data breach laws. Alabama and New Mexico have proposed bills regarding data security and notification that are before their state legislatures. The lone holdout on data breach laws is South Dakota, which has yet to propose a bill of any kind.

Since each state has its own laws on data security, there are no unified standards, and laws vary in each state. For example, New York law requires that notification of a breach should be given in the most expedient time possible and without unreasonable delay. In Wyoming, however, notice of a breach must be reported within a reasonable time that is not to exceed 45 days after the entity learns of the acquisition of personal information. Florida requires notification within 30 days.

However, these notification deadlines aren’t ironclad. Nearly all of the policies indicate that they will allow the entity to delay notification for cause. Reasons for delay vary from state to state; however, criminal investigations and national security are both common reasons that a delay in notification would be allowed.

Federal Laws
At present, there are no comprehensive data breach laws on the federal level. While the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are federally mandated regulations that do have data breach policies enforced by the federal government, they are industry-specific. There is no federal law that encompasses a general data security policy.

Since Equifax is a financial institution, it’s required that they adhere to the standards set forth by the GLBA. Unfortunately for about half of American adults, the GLBA does not have a deadline for disclosure. The act merely says that the financial organization should notify the affected party ‘as soon as possible’. Despite waiting 40 days before disclosing the breach, Equifax was following the regulations as outlined by the GLBA.

In addition to having different notification laws for each state, other aspects of data security laws are just as diverse. Each state has different policies on who the law applies to, what constitutes a breach, who must be notified, how they must be notified, enforcement and penalties, and entities exempt from the law.

Are you familiar with data breach notification laws for your state? The National Conference of State Legislatures offers current laws for each state. SMBs should be aware of the data security laws that might affect them and how to handle the situation - regardless of whether they’re the entity that was breached or had their information stolen. The good news is that you don’t have to go it alone. 4IT can help you make sure that your non-public information doesn’t go public.



Friday, 20 October 2017