Eclipse Integrated Systems Blog

Eclipse Integrated Systems has been serving the Bridgewater area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your State Dictates Data Security Notifications… Will You Be Notified?

Your State Dictates Data Security Notifications… Will You Be Notified?

In the last few months, there have been several high-profile data security breaches that resulted in the theft of millions upon millions of non-public information records. Though much of the focus in the aftermath of the breaches was on personal identity theft and prevention, it’s important to keep in mind that not all the stolen data records target individuals. Business entities are also at risk. Vendors and partners that you do business with regularly will probably have record of your company’s non-public information, payment information, or tax ID number.

In the wake of the major breach of Equifax that resulted in 143 million records stolen, there have been many questions raised about data security and breach notification laws. One of the most concerning issues was the long delay between when the breach was discovered by Equifax and when the public was notified of the breach. To help clarify how data breach notifications work and why it was technically acceptable for Equifax to wait as long as they did before notifying their customers, there are a few things you should know.

State Laws
Only 47 out of 50 states currently have data breach laws. Alabama and New Mexico have proposed bills regarding data security and notification that are before their state legislature. The lone holdout on data breach laws is South Dakota, who has yet to propose a bill of any kind.

Since each state has its own laws on data security, there are no unified standards, and laws vary in each state. For example, New York law requires that notification of a breach should be given in the most expedient time possible and without unreasonable delay. In Wyoming, however, notice of a breach must be reported within a reasonable time that is not to exceed 45 days after the entity learns of the acquisition of personal information. Florida requires notification within 30 days.

However, these notification deadlines aren’t ironclad. Nearly all of the policies indicate that they will allow the entity to delay notification for cause. Reasons for delay vary from state to state, however, criminal investigations or national security are both common reasons that a delay in notification would be allowed.

Federal Laws
At the present, there are no comprehensive data breach laws on the federal level. While the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are federally mandated regulations that do have data breach policies enforced by the federal government, they are industry-specific. There is no federal law that encompasses a general data security policy.

Since Equifax is a financial institution, it’s required that they adhere to the standards set forth by the GLBA. Unfortunately for about half of American adults, the GLBA does not have a deadline for disclosure. The act merely says that the financial organization should notify the affected party ‘as soon as possible’. Despite waiting 40 days before disclosing the breach, Equifax was following the regulations as outlined by the GLBA.

In addition to having different notification laws for each state, other aspects of data security laws are just as diverse. Each state has different policies on who the law applies to, what constitutes a breach, who must be notified, how they must be notified, enforcement and penalties, and entities exempt from the law.

Are you familiar with data breach notification laws for your state? The National Conference of State Legislatures offers current laws for each state. SMBs should be aware of the data security laws that might affect them and how to handle the situation - regardless of whether they’re the entity that was breached or had their information stolen. The good news is that you don’t have to go it alone. Eclipse Integrated Systems can help you make sure that your non-public information doesn’t go public.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 22 February 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Hackers Software Malware Internet Google Business Management Business Computing Microsoft Windows 10 Computer Innovation User Tips Backup Hosted Solutions Network Security Productivity Productivity Business Windows Cybercrime Apps Hardware Email Smartphone Disaster Recovery Efficiency Mobile Devices Cybersecurity Law Enforcement Virtualization Managed IT Services IT Support Browser Small Business Business Continuity VoIP Telephone Systems Mobile Device Management Miscellaneous Office 365 Holiday Android Quick Tips Operating System Microsoft Office Internet of Things Data Security Data Backup Ransomware communications Money Chrome Mobility Cloud Computing Passwords Application Smartphones Wireless IT Services Saving Money Server Communication Unsupported Software Collaboration Password Best Practice Health Information Technology Risk Management Outsourced IT Workplace Tips Gadgets Social Data Recovery App Government Google Drive Vulnerability Shortcut Facebook Identity Theft Current Events Work/Life Balance Phishing Hacking Wi-Fi Managed Service Provider Save Money Computers Office tips IT Support Politics USB Alert User Error Managed IT Upgrade Data Management Windows 10 Social Media BDR Private Cloud Sports Data Storage Recovery OneNote Samsung HaaS Hosted Solution DDoS Mobile Computing Cortana Automation Tech Support Managed IT Services Proactive IT Personal Information Audit Transportation Internet Exlporer Wireless Technology Computer Care Encryption Cost Management VPN Humor Telephony Antivirus Going Green Office Update Remote Computing Apple Excel Cleaning iPhone eWaste WiFi Streaming Media Bandwidth Artificial Intelligence Battery Social Engineering Legal Save Time Search Television Google Docs The Internet of Things Commerce Flexibility Spam Users Automobile History Employer-Employee Relationship End of Support Meetings Two-factor Authentication Device Security Upgrades Licensing How To Analytics Storage Access FAQ IT Solutions Data Big Data Screen Mirroring Devices Consultant Travel iOS Hiring/Firing Advertising Trending Charger Training Worker Commute Lithium-ion battery Books Reputation Distributed Denial of Service Files Spyware Bluetooth Touchscreen Tablets Legislation Benefits Settings Wireless Charging Marketing Company Culture WIndows Server 2008 Laptop Electronic Medical Records Fraud Fax Server NFL Black Market Computer Fan Comparison Smart Technology Robot Data Breach Patch Management Touchpad Edge Emails Word WannaCry Specifications PDF Gmail Wearable Technology Evernote Outlook Instant Messaging Ciminal Webinar Windows Ink Sales Cast Text Messaging Virtual Reality Operating Sysytem Uninterrupted Power Supply Network Networking Entertainment Managing Stress Budget Project Management IT solutions Google Maps Nanotechnology Retail Scam BYOD Education Avoiding Downtime Running Cable Workers Mobile Device Sync Video Games Chromecast IT budget SharePoint Windows 10s Data Loss Root Cause Analysis Conferencing Employer Employee Relationship Updates Experience Blockchain Solid State Drive Augmented Reality Gifts Computer Accessories HBO Point of Sale Microsoft Word SaaS Adobe Phone System Microsoft Excel Hacker Teamwork Hard Disk Drive Credit Cards Data Protection Router Data storage Maintenance Unified Threat Management Applications Scalability Music File Sharing Keyboard Administrator Vendor Management IT Management Cache Safety Remote Monitoring Emergency Relocation Monitors Worker Disaster Identities CrashOverride

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      Latest News

      Eclipse Integrated Systems launches new website!

      Eclipse Integrated Systems is proud to announce the launch of our new website at The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

      Read more ...

      Account login