4IT Blog

4IT has been serving the Miami area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your State Dictates Data Security Notifications… Will You Be Notified?

In the last few months, there have been several high-profile data security breaches that resulted in the theft of millions upon millions of non-public information records. Though much of the focus in the aftermath of the breaches was on personal identity theft and prevention, it’s important to keep in mind that not all of the stolen records concern individuals. Business entities are also at risk. Vendors and partners that you do business with regularly will probably have a record of your company’s non-public information, payment information, or tax ID number.

In the wake of the major breach of Equifax that resulted in 143 million records stolen, there have been many questions raised about data security and breach notification laws. One of the most concerning issues was the long delay between when the breach was discovered by Equifax and when the public was notified of the breach. To help clarify how data breach notifications work and why it was technically acceptable for Equifax to wait as long as they did before notifying their customers, there are a few things you should know.

State Laws
Only 47 out of 50 states currently have data breach laws. Alabama and New Mexico have proposed bills regarding data security and notification that are before their state legislatures. The lone holdout on data breach laws is South Dakota, which has yet to propose a bill of any kind.

Since each state has its own laws on data security, there are no unified standards, and laws vary in each state. For example, New York law requires that notification of a breach should be given in the most expedient time possible and without unreasonable delay. In Wyoming, however, notice of a breach must be reported within a reasonable time that is not to exceed 45 days after the entity learns of the acquisition of personal information. Florida requires notification within 30 days.

However, these notification deadlines aren’t ironclad. Nearly all of the policies indicate that they will allow the entity to delay notification for cause. Reasons for delay vary from state to state; however, criminal investigations and national security are both common reasons that a delay in notification would be allowed.

Federal Laws
At present, there are no comprehensive data breach laws on the federal level. While the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are federally mandated regulations that do have data breach policies enforced by the federal government, they are industry-specific. There is no federal law that encompasses a general data security policy.

Since Equifax is a financial institution, it’s required that they adhere to the standards set forth by the GLBA. Unfortunately for about half of American adults, the GLBA does not have a deadline for disclosure. The act merely says that the financial organization should notify the affected party ‘as soon as possible’. Despite waiting 40 days before disclosing the breach, Equifax was following the regulations as outlined by the GLBA.

In addition to having different notification laws for each state, other aspects of data security laws are just as diverse. Each state has different policies on who the law applies to, what constitutes a breach, who must be notified, how they must be notified, enforcement and penalties, and entities exempt from the law.

Are you familiar with data breach notification laws for your state? The National Conference of State Legislatures offers current laws for each state. SMBs should be aware of the data security laws that might affect them and how to handle the situation - regardless of whether they’re the entity that was breached or had their information stolen. The good news is that you don’t have to go it alone. 4IT can help you make sure that your non-public information doesn’t go public.



Monday, 22 January 2018