MERIT Solutions Blog

MERIT Solutions has been serving the Chesapeake area since 1982, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why You Should Pay Attention to Data Security Notifications

Why You Should Pay Attention to Data Security Notifications

If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn’t even stop there--any vendors or partners you deal with are also in danger of hacking attacks.

The Equifax breach, which resulted in 143 million records being stolen, has many people concerned about their data security and data breach notification laws--and rightfully so. One of the biggest points of contention with the Equifax breach was that it took so long for them to notify the public following the incident. We’re not here to argue the ethics of Equifax’s decision to withhold information on this breach--we just want to make sure that you understand the technicalities behind why it was acceptable for them to wait before notifying their customers.

State Laws
At the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so.

Another issue comes from the fact that these laws are state-exclusive with no unifying standards. Therefore, the laws could be very different from state-to-state. For example, New York’s law demands that notification of a breach should be given as soon as possible and without any unreasonable delay. Wyoming’s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida requires notification within 30 days.

These notification deadlines aren’t necessarily steadfast, either. Did you notice how each of them allows companies to delay notification if there is a valid cause? Depending on the state, there may be various reasons for delay in notification. For example, criminal investigations and national security are both perfectly valid reasons to keep a notification of a breach delayed.

Federal Laws
While there is no data breach law on the federal level, there are various industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways.

Due to Equifax being a financial institution, it’s expected to hold fast to the standards put into place by the GLBA. Since the GLBA doesn’t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong--even if they should have been morally obligated to inform users as soon as possible.

Even though there are different notification laws for each state, there are other aspects of data security laws that vary based on both the industry and the state vs federal level. Every state has different policies regarding who the laws affect, what exactly defines a breach, who must be notified, how they must be notified, how the laws are enforced (and penalized), and who is exempt from the law.

If you need to know more information about the data breach notification laws of your state, the National Conference of State Legislatures offers current laws for each state. Your business needs to know how it will be affected by a data breach. To learn more, reach out to MERIT Solutions at (757) 420-5150.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, July 20 2018

Captcha Image

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Cloud Network Security Business Computing Hackers Malware Software Productivity Internet Hosted Solutions Managed IT Services Backup Business Management Mobile Devices google Computer Disaster Recovery Business Microsoft Outsourced IT Hardware communications VoIP Business Continuity IT Support Windows 10 Innovation Cybersecurity IT Services Email User Tips Data Backup Efficiency Cybercrime Windows Tech Term Saving Money Server Mobile Device Management Ransomware Mobility Internet of Things Small Business Apps Data Recovery Managed IT Operating System Data browser Law Enforcement Productivity Smartphone Virtualization BDR Money Office 365 Telephone Systems Save Money Android Phishing Passwords Data Security Smartphones Hosted Solution Quick Tips Cloud Computing Communication BYOD Automation VPN Managed Service Provider Information Technology Password Holiday Recovery IT Support Network Chrome Microsoft Office Google Drive Hacking Avoiding Downtime Work/Life Balance Cost Management Alert Health Wi-Fi Miscellaneous Data Breach Facebook Computers Application Government Best Practice Update Social Media Gadgets Workplace Tips Budget Two-factor Authentication Collaboration Wireless Data Management upgrade Social Risk Management Unsupported Software Vulnerability App Artificial Intelligence Spam Flexibility Shortcut Telephony Managed IT Services User Error Router Firewall Antivirus Office tips Applications Private Cloud Current Events History Remote Computing Audit Gmail Proactive IT Compliance Personal Information Blockchain The Internet of Things Politics Data Protection Employer-Employee Relationship Cleaning USB Social Engineering Save Time Streaming Media Tech Support Users Identity Theft search Wireless Technology Big Data eWaste Wireless Charging Excel iPhone Project Management Data Storage Mobile Computing Transportation Education MSP OneNote Vendor Management SaaS Networking Robot Samsung Content Filtering Battery End of Support HaaS Data Loss Marketing Management Google Docs IT solutions Automobile DDoS Humor Disaster Value Mobile Security Devices Saving Time Television Redundancy Google Assistant Travel Office Phone System Sports Commerce Computer Care Apple Fraud Legal Cortana Patch Management Windows 10 Encryption Hacker WiFi Solid State Drive Internet Exlporer Going Green Bandwidth Worker Commute Wireless Internet remote Ciminal Word Computer Accessories Managed IT Service Mobile Device Virtual Assistant Yahoo Proactive Legislation Smart Tech iOS Managing Stress PDF Running Cable Gamification Server 2008 Windows Ink Books Scalability Alexa for Business Ali Rowghani Websites Comparison Connectivity Evernote Regulation Computer Fan Hiring/Firing Trending Text Messaging Memory Google Maps Screen Mirroring How To Data Theft Specifications Content Filter Sync Dark Web Benefits Students server installation dvd "cannot install required files" intranet Software as a Service Meetings Cast Unified Threat Management Emails stock Computing Sales Monitoring Workers Adobe Entertainment Unified Communications Laptop IT budget Uninterrupted Power Supply Settings Training Upgrades Electronic Medical Records tweet Analysis Retail Updates Maintenance Licensing WannaCry Point of Sale HIPAA Financial Touchpad calculator Company Culture HBO Consultant Webinar Safety Black Market Reputation Twitter App store Conferencing Advertising Financial Technology Microsoft Word control Device Security Mobile Smart Technology Avoid Downtime Bring Your Own Device Identities Microsoft Excel Remote Monitoring IT solutions Shadow IT WSJ Gifts Printing Data storage Exchange Professional Services Document Management Experience Distributed Denial of Service Hybrid Cloud altivista IoT File Sharing Chromecast IT Management Windows 10s Administration Identity SBS Spyware Nanotechnology Video Games Business Technology compaq Language Storage WIndows Server 2008 Hard Disk Drive Virtual Reality Colocation Data Privacy Credit Cards Hard Drives Wearable Technology Computer Forensics Tablets Root Cause Analysis Scam Music Wasting Money hp Files Administrator Lithium-ion battery Hard Drive FAQ PowerPoint domain Edge NFL Augmented Reality Employer Employee Relationship Touchscreen Analytics Amazon Virus Lifestyle Business Intelligence Charger Access Outlook Keyboard Instant Messaging Relocation Chromebook CrashOverride Thank You Congratulations Cache Monitors Emergency Worker

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Anna Jackson 5 SEO Tools To Get a Google-Eye View of Your Website
15 September 2017
Hello Randall! I was doing very important work but due to your subject I felt better to stay at you...
David Miller Not all project-management tools are right for all businesses
25 August 2017
All the points depicted by you in this blog is v.apt. I love the title of this blog because it says ...