croom new

Your State Dictates Data Security Notifications… Will You Be Notified?

Your State Dictates Data Security Notifications… Will You Be Notified?

In the last few months, there have been several high-profile data security breaches that resulted in the theft of millions upon millions of non-public information records. Though much of the focus in the aftermath of the breaches was on personal identity theft and prevention, it’s important to keep in mind that not all the stolen data records target individuals. Business entities are also at risk. Vendors and partners that you do business with regularly will probably have record of your company’s non-public information, payment information, or tax ID number.

In the wake of the major breach of Equifax that resulted in 143 million records stolen, there have been many questions raised about data security and breach notification laws. One of the most concerning issues was the long delay between when the breach was discovered by Equifax and when the public was notified of the breach. To help clarify how data breach notifications work and why it was technically acceptable for Equifax to wait as long as they did before notifying their customers, there are a few things you should know.

State Laws
Only 47 out of 50 states currently have data breach laws. Alabama and New Mexico have proposed bills regarding data security and notification that are before their state legislature. The lone holdout on data breach laws is South Dakota, who has yet to propose a bill of any kind.

Since each state has its own laws on data security, there are no unified standards, and laws vary in each state. For example, New York law requires that notification of a breach should be given in the most expedient time possible and without unreasonable delay. In Wyoming, however, notice of a breach must be reported within a reasonable time that is not to exceed 45 days after the entity learns of the acquisition of personal information. Florida requires notification within 30 days.

However, these notification deadlines aren’t ironclad. Nearly all of the policies indicate that they will allow the entity to delay notification for cause. Reasons for delay vary from state to state, however, criminal investigations or national security are both common reasons that a delay in notification would be allowed.

Federal Laws
At the present, there are no comprehensive data breach laws on the federal level. While the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are federally mandated regulations that do have data breach policies enforced by the federal government, they are industry-specific. There is no federal law that encompasses a general data security policy.

Since Equifax is a financial institution, it’s required that they adhere to the standards set forth by the GLBA. Unfortunately for about half of American adults, the GLBA does not have a deadline for disclosure. The act merely says that the financial organization should notify the affected party ‘as soon as possible’. Despite waiting 40 days before disclosing the breach, Equifax was following the regulations as outlined by the GLBA.

In addition to having different notification laws for each state, other aspects of data security laws are just as diverse. Each state has different policies on who the law applies to, what constitutes a breach, who must be notified, how they must be notified, enforcement and penalties, and entities exempt from the law.

Are you familiar with data breach notification laws for your state? The National Conference of State Legislatures offers current laws for each state. SMBs should be aware of the data security laws that might affect them and how to handle the situation - regardless of whether they’re the entity that was breached or had their information stolen. The good news is that you don’t have to go it alone. Eclipse Integrated Systems can help you make sure that your non-public information doesn’t go public.

Tip of the Week: Google Maps Take The Guessing Out...
Windows Ink Adds An Extra Dimension To Your Busine...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, September 23 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Business Computing Google Hackers Network Security Malware Internet Business Management Software User Tips Microsoft Tech Term Hosted Solutions Innovation Computer Windows 10 Productivity Backup Cybersecurity Productivity Business Efficiency Apps Mobile Devices Managed IT Services Browser Windows Smartphones Email Virtualization Cybercrime Smartphone Saving Money Hardware Passwords Small Business communications Operating System Data Recovery Data Backup VoIP Internet of Things Law Enforcement Communication Collaboration Disaster Recovery Business Continuity Workplace Tips Android Data Security IT Support Microsoft Office Ransomware Miscellaneous Money Phishing Holiday Gadgets Mobility Data Chrome Network Social Media Server Mobile Device Management Telephone Systems Office 365 BDR IT Support Wireless Cloud Computing Quick Tips Outsourced IT Best Practice IT Services Risk Management Google Drive Social Users Cost Management Wi-Fi Employer-Employee Relationship Application Unsupported Software Health Government Information Technology Vulnerability App Update Password Managed IT Streaming Media Bandwidth Politics Data Management User Error Save Money Sports Work/Life Balance Proactive IT Spam Facebook Windows 10 Managed Service Provider Blockchain Automation Office tips Current Events USB Shortcut Artificial Intelligence Antivirus Patch Management Alert Mobile Device Computers Upgrade Identity Theft Two-factor Authentication Hacking Audit Encryption Storage VPN Save Time Router Excel Networking Company Culture Social Engineering Telephony Humor History SaaS Commerce End of Support Battery Marketing Television Devices Cortana Remote Computing Computer Care Private Cloud Recovery iPhone Managing Stress Mobile Security HaaS Google Docs Information Wireless Charging Gmail Automobile Tech Support Office Meetings Fraud Data Storage Personal Information Going Green Business Intelligence Apple Transportation Cleaning Samsung OneNote Data Protection Internet Exlporer Legal Search The Internet of Things Compliance Analytics eWaste Maintenance Wireless Technology WiFi Hosted Solution Mobile Computing DDoS Managed IT Services Touchscreen Flexibility RAM Education Cast Sales Hard Drive Data storage Benefits Big Data SharePoint Licensing Device Security Trending Lithium-ion battery Computing Plug-In Solid State Drive Bluetooth Distributed Denial of Service Trends Settings Project Management Administrator Cables Electronic Medical Records PDF Worker Commute IT Solutions FAQ Internet Explorer Microsoft Office 365 Computer Accessories Augmented Reality Scalability Google Maps Microsoft Teams BYOD Retail Chromebook Reporting Smart Technology Computer Fan Books Travel Instant Messaging App store Remote Monitoring and Management Hacker Hard Disk Drive Experience Fax Server Sync Workers A.I. Data Loss IT budget Virus Access Voice over Internet Protocol Safety Emails Text Messaging Charger Uninterrupted Power Supply Threat Operating Sysytem Access Control How To Budget G Suite Unified Threat Management Point of Sale Conferencing Printing Medical IT WannaCry Teamwork Tablets Spyware Legislation Analysis Keyboard Phone System Updates Movies Proactive Webinar WIndows Server 2008 PowerPoint Avoiding Downtime Authentication Vendor Management Chromecast Bring Your Own Device Upgrades Advertising HBO Wearable Technology Gifts Google Assistant GDPR Video Games NFL Comparison Identity Managed Service Music Adobe Microsoft Word Files Microsoft Excel Identities Websites Amazon IT solutions Data Breach Connectivity Authorization Reputation Hybrid Cloud Consultant Credit Cards Value Laptop Dark Web Scam Nanotechnology Word Edge Virtual Reality Screen Mirroring Specifications Data Privacy Hiring/Firing iOS Applications Unified Communications Black Market File Sharing Language Data Theft Robot Virtual Assistant Windows 10s Entertainment Outlook Evernote Downloads Training Managed IT Service IT Management Running Cable Touchpad Error Employer Employee Relationship Root Cause Analysis Windows Ink Ciminal Regulation Troubleshooting Relocation Cache Remote Monitoring Emergency CrashOverride Monitors Worker Disaster Printers Twitter

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      Latest News

      Eclipse Integrated Systems launches new website!

      Eclipse Integrated Systems is proud to announce the launch of our new website at www.eisystems.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

      Read more ...

      Account login