Understanding Data Breaches Is The First Step To Stopping Them

Since the very beginning of the year, over 10 million personal records have been lost or stolen on a daily basis. As a result, chances are high that you or someone you know has been victimized by a data breach. However, since many individuals and businesses are never notified, they may have incorrectly come to the conclusion that they are not at risk. This, unfortunately, is not the case.

In actuality, there is a considerably good chance that your personal information has already been compromised--but the company responsible for losing your information wasn’t required to inform you. This is just one reason why it is critical to understand your rights as outlined in data breach laws. Do you know what information is considered ‘personal’? How many loopholes could a company have used to avoid notifying you of the breach?

Legal Definition of Personal Information
Each state has its own laws that govern how businesses must respond to a data breach. While there is a consensus on the basic responsibilities these organizations have once data is accessed without permission, there are differing opinions on what constitutes personal information. Two qualifications most jurisdictions agree on are:

  1. First name or first initial and last name
  2. One or more of the following elements: social security number, driver’s license or state ID number, financial account numbers.

Some states go a step further by only considering accounts secured with a PIN or password as being worthy of notification. For example, if your debit card number was stolen, the business that let it happen doesn’t need to contact you unless both the number AND the PIN were compromised.

States that have a more advanced view of data security, such as North Carolina and Nebraska, include biometric information as part of their personal information considerations. Other states, like Missouri, have specific laws on the books that limit the legal portability that is inherent in the overreaching statutes.

Since the majority of health and medical data is protected under the federal Health Insurance Portability and Accountability Act (HIPAA), only a few states include this information in their definition of personal information.

Additionally, some state laws set a limit on the amount of personal information a company can have compromised before it has to contact its state’s attorney general’s office. This number varies, but most states agree that anything over 1,000-to-5,000 files lost constitutes an offense in which reporting becomes necessary.

Currently, however, the statutes on the books are biased to protect organizations from individual legal reprisals. Qualifications that protect corporate interests include:

  • Encryption: Many states have deliberately put in specific language to protect corporations if information was encrypted by an organization, stolen, and decrypted afterwards. This also goes for redacted information. If it was found that a business worked to secure the data, no breach notification would be necessary.
  • Questionable non-personal information: In various states, questionable information can be included as non-personal information. One example is the last four digits of a person’s social security number. Since the whole number’s integrity remains intact, the organization would not have to file it as having been compromised with the state’s A.G.
  • Good-faith acquisitions: Most states list “good faith acquisitions” as exemptions from standing data breach statutes. A ‘good faith acquisition’ is defined as an event where data is lost or compromised by people employed by the organization where an individual works, or with which the individual had a working relationship (like a vendor). Since a co-worker, superior, or vendor is not as likely to misuse or lose personal information, no breach notification is necessary if the event meets this very subjective ‘good faith’ requirement.
  • Risk of harm analysis: Around half of U.S. states have laws that allow an information-holding entity to run a ‘Risk of Harm’ analysis to quantify the risk that compromised personal information will be used by another party or abused in unauthorized transactions. If the analysis finds that the risk of harm is minimal, the organization doesn't need to notify the parties involved.

The fact is that a data breach, regardless of the circumstances surrounding it, can be completely categorized as a negative event. Call the IT professionals at Computerware to find out how we can proactively manage your network to keep threats from affecting your data. Call us today at (703) 821-8200.
