
Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Data Security Has to Be A Priority For Your Organization

Considering that since January 1st of this year, upwards of 10 million personal information records have been lost or stolen each day, odds are that you, or someone you know, have had records compromised by a data breach. With such a high incident rate, individuals and businesses that have never received any kind of notification that their records were included in a breach generally consider themselves lucky and assume that they are not at risk of identity theft or unauthorized account usage. Unfortunately for them, that is not always the case.

The fact is that there is a significant chance that your personal or non-public business information has been compromised in some way but, legally, the company that lost your information was not obligated to make you aware of the event. For your own benefit, understanding what your rights are when it comes to data breach laws is the first step in protecting your data. For example, do you know what information is considered ‘personal’? Are there ways that your data could have been lost or stolen but the offending entity was not compelled by law to notify you for some reason? The answer is yes.

Legal Definitions of Personal Information
Even though each state has its own laws and policies regarding data breaches and notification requirements, there is broad consensus on which elements, or combinations of elements, constitute ‘personal information’ in the eyes of the law. At a minimum, personal information includes:

  1. First name or first initial and last name, AND
  2. One or more of the following elements: Social Security number, driver’s license or state ID number, financial account numbers.

As mentioned, this makes up the foundation of most sectoral legislation on data breaches. Many states go a step further and only consider account information that requires a PIN or password to have been compromised if the required PIN or password was included with the record that was stolen. That is, if the use of a debit card requires a PIN for a transaction, you will not be notified of the data loss unless both your debit card number and the PIN are accessed.

A few of the more progressive states, like North Carolina and Nebraska, include biometrics and fingerprint information as part of their definition of personal information. Similarly, some states, like Missouri, have more specific, detailed laws, limiting the legal maneuverability that comes with ambiguity in statutes.

Even though laws regarding the majority of health and medical information and data policies are covered under the United States’ federally mandated Health Insurance Portability and Accountability Act (HIPAA), a few states do include health-related information in their definition of personal information.

One more thing that some of the state laws on data breaches of personal information address is that once a relatively high number of records have been stolen, the information holders must also notify consumer reporting agencies, in addition to the attorneys general of all states that have affected residents. The number of lost records that triggers reporting to a consumer reporting agency tends to fall between 1,000 and 5,000.

When it comes to sectoral legislation, the current statutes are, in general, skewed in favor of protecting the corporate information holder, as opposed to the individuals that have their information compromised.

  • Encryption: In many states, there is specific language that says that if the personal information was redacted or encrypted at the time of the unauthorized access, then no breach or loss of data has occurred. The laws do not address the policy and notification standards for encryption that is broken post-theft.
  • Questionable Non-Personal Information: Depending on the state, some questionable information might be classified as non-personal information. For example, the last four digits of your Social Security number may not be counted as personal information, despite the number of accounts that only require you to confirm these four digits before making changes to your account.
  • Good-faith Acquisitions: Nearly every state lists ‘good faith acquisitions’ as exemptions to the data breach laws. A ‘good faith acquisition’ is defined as a data loss event where the recipient of the personal information in question is employed internally or with a trusted vendor or partner, so the information is considered unlikely to be misused or further exposed. It’s important to note that businesses are not required to notify anyone in the event that the data breach meets ‘good faith’ requirements.
  • Risk of Harm Analysis: About half of the United States has laws that allow the information-holding entity to run a ‘Risk of Harm’ analysis, which is used to determine the likelihood that the compromised personal information will be abused or used in unauthorized transactions by the parties that have obtained it, or may obtain it in the future. In the event that the risk of harm is found to be minimal, they do not have to notify the attorney general of the state for which the analysis was run, nor do they need to notify the parties whose personal information was lost.

For most small and medium-sized businesses, a data breach has the potential to be catastrophic, regardless of whether their own information was stolen or their network was penetrated and client records were lost. Integrated Business Technologies can help you take proactive data and network security measures and significantly reduce the chance that your network will fall victim to cybercriminals. Contact us at (918) 770-8738.

 
