MERIT Solutions Blog

MERIT Solutions has been serving the Chesapeake area since 1982, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your State Dictates Data Security Notifications… Will You Be Notified?

Your State Dictates Data Security Notifications… Will You Be Notified?

In the last few months, there have been several high-profile data security breaches that resulted in the theft of millions upon millions of non-public information records. Though much of the focus in the aftermath of the breaches was on personal identity theft and prevention, it’s important to keep in mind that not all the stolen data records target individuals. Business entities are also at risk. Vendors and partners that you do business with regularly will probably have record of your company’s non-public information, payment information, or tax ID number.

In the wake of the major breach of Equifax that resulted in 143 million records stolen, there have been many questions raised about data security and breach notification laws. One of the most concerning issues was the long delay between when the breach was discovered by Equifax and when the public was notified of the breach. To help clarify how data breach notifications work and why it was technically acceptable for Equifax to wait as long as they did before notifying their customers, there are a few things you should know.

State Laws
Only 47 out of 50 states currently have data breach laws. Alabama and New Mexico have proposed bills regarding data security and notification that are before their state legislature. The lone holdout on data breach laws is South Dakota, who has yet to propose a bill of any kind.

Since each state has its own laws on data security, there are no unified standards, and laws vary in each state. For example, New York law requires that notification of a breach should be given in the most expedient time possible and without unreasonable delay. In Wyoming, however, notice of a breach must be reported within a reasonable time that is not to exceed 45 days after the entity learns of the acquisition of personal information. Florida requires notification within 30 days.

However, these notification deadlines aren’t ironclad. Nearly all of the policies indicate that they will allow the entity to delay notification for cause. Reasons for delay vary from state to state, however, criminal investigations or national security are both common reasons that a delay in notification would be allowed.

Federal Laws
At the present, there are no comprehensive data breach laws on the federal level. While the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are federally mandated regulations that do have data breach policies enforced by the federal government, they are industry-specific. There is no federal law that encompasses a general data security policy.

Since Equifax is a financial institution, it’s required that they adhere to the standards set forth by the GLBA. Unfortunately for about half of American adults, the GLBA does not have a deadline for disclosure. The act merely says that the financial organization should notify the affected party ‘as soon as possible’. Despite waiting 40 days before disclosing the breach, Equifax was following the regulations as outlined by the GLBA.

In addition to having different notification laws for each state, other aspects of data security laws are just as diverse. Each state has different policies on who the law applies to, what constitutes a breach, who must be notified, how they must be notified, enforcement and penalties, and entities exempt from the law.

Are you familiar with data breach notification laws for your state? The National Conference of State Legislatures offers current laws for each state. SMBs should be aware of the data security laws that might affect them and how to handle the situation - regardless of whether they’re the entity that was breached or had their information stolen. The good news is that you don’t have to go it alone. MERIT Solutions can help you make sure that your non-public information doesn’t go public.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, July 20 2018

Captcha Image

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Cloud Network Security Business Computing Hackers Malware Software Productivity Internet Hosted Solutions Managed IT Services Backup Business Management google Mobile Devices Computer Outsourced IT Business Microsoft Disaster Recovery VoIP Business Continuity IT Support Hardware communications Innovation Windows 10 IT Services Email Cybersecurity User Tips Efficiency Data Backup Windows Tech Term Cybercrime Small Business Internet of Things Apps Mobility Managed IT Saving Money Mobile Device Management Data Recovery Server Ransomware browser Law Enforcement Smartphone Operating System Data Productivity Money Telephone Systems Save Money Android Office 365 Virtualization BDR Phishing Cloud Computing Smartphones Data Security Hosted Solution Quick Tips Passwords Password Information Technology Holiday Recovery Network Chrome Communication Microsoft Office IT Support BYOD Automation VPN Managed Service Provider Computers Update Risk Management Gadgets Unsupported Software Workplace Tips Social Media Best Practice Data Breach Budget Work/Life Balance Data Management Social Cost Management upgrade Wi-Fi Application App Collaboration Google Drive Hacking Avoiding Downtime Facebook Government Alert Two-factor Authentication Health Miscellaneous Vulnerability Wireless Cleaning Spam USB Save Time Office tips Applications Private Cloud History Remote Computing Managed IT Services Proactive IT Users Identity Theft The Internet of Things Artificial Intelligence Social Engineering Blockchain Flexibility Shortcut Employer-Employee Relationship Streaming Media Router Firewall Tech Support search Data Protection Antivirus Current Events Audit Wireless Technology Compliance Personal Information User Error Telephony Politics Gmail Robot Office Computer Care Excel Phone System MSP Wireless Charging End of Support IT solutions Data Storage Legal DDoS OneNote Encryption Networking Humor Disaster Television Management Big Data Data Loss Apple Marketing Google Docs Mobile Security Education WiFi Devices Sports Vendor Management SaaS Going Green Google Assistant Bandwidth Samsung Content Filtering Hacker Solid State Drive Internet Exlporer eWaste Battery Fraud HaaS Redundancy Travel Commerce iPhone Cortana Automobile Patch Management Windows 10 Mobile Computing Value Transportation Saving Time Project Management Alexa for Business Word Websites Legislation Connectivity Managed IT Service tweet Memory iOS Video Games Windows Ink Data Theft calculator Virtual Reality Twitter Laptop Comparison Uninterrupted Power Supply Scam Content Filter Students Regulation Music intranet Computer Fan control Evernote Google Maps Computing WSJ Touchpad Specifications Employer Employee Relationship Monitoring Screen Mirroring Unified Communications Sync Analytics IT budget Dark Web Exchange Reputation Advertising Software as a Service Distributed Denial of Service Keyboard Analysis Meetings altivista Instant Messaging Cast Worker Commute Maintenance Emails Sales Computer Accessories Workers Mobile Device Financial Adobe SBS Data storage App store Settings compaq Managing Stress Device Security Retail Financial Technology Updates Chromecast Bring Your Own Device Licensing Wearable Technology Books Identities WannaCry Scalability Administration Hiring/Firing hp Printing HBO Webinar Conferencing Microsoft Word Hybrid Cloud Mobile IoT domain How To Colocation Hard Drives Microsoft Excel Benefits Identity Remote Monitoring Spyware IT solutions Gifts Files Administrator Unified Threat Management Business Technology Professional Services Lithium-ion battery Language remote File Sharing Data Privacy Yahoo Computer Forensics IT Management Entertainment Windows 10s Training Access Upgrades Wasting Money Running Cable Electronic Medical Records Nanotechnology Server 2008 Relocation Storage Hard Drive Ali Rowghani Point of Sale PowerPoint WIndows Server 2008 HIPAA Edge Hard Disk Drive Credit Cards Trending Company Culture Consultant Amazon Tablets Safety Virus Root Cause Analysis Black Market PDF Smart Technology Chromebook Wireless Internet Ciminal Avoid Downtime FAQ Virtual Assistant NFL Proactive Augmented Reality server installation dvd "cannot install required files" Shadow IT Touchscreen Text Messaging Lifestyle Smart Tech Business Intelligence stock Document Management Gamification Outlook Experience Charger Congratulations Worker CrashOverride Cache Monitors Emergency Thank You

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Anna Jackson 5 SEO Tools To Get a Google-Eye View of Your Website
15 September 2017
Hello Randall! I was doing very important work but due to your subject I felt better to stay at you...
David Miller Not all project-management tools are right for all businesses
25 August 2017
All the points depicted by you in this blog is v.apt. I love the title of this blog because it says ...