Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Understanding Data Breaches Is The First Step To Stopping Them

Understanding Data Breaches Is The First Step To Stopping Them

Since the very beginning of the year, over 10 million personal records have been lost or stolen on a daily basis. As a result, chances are high that you or someone you know has been victimized by a data breach. However, since many individuals and businesses are never notified, they may have incorrectly come to the conclusion that they are not at risk. This, unfortunately, is not the case.

In actuality, there is a considerably good chance that your personal information has already been compromised--but the company responsible for losing your information wasn’t required to inform you. This is just one reason why it is critical to understand your rights as outlined in data breach laws. Do you know what information is considered ‘personal’? How many loopholes could a company have used to avoid notifying you of the breach?

Legal Definition of Personal Information
Each state has its own laws that govern how businesses must respond to a data breach, and while there is a consensus on the basic responsibilities these organizations have once data is accessed without permission, there are differentiating opinions on what constitutes personal information. Two qualifications most jurisdictions agree on are:

  1. First name or first initial and last name
  2. One or more of the following elements: social security number, driver’s license or state ID number, finance account numbers.

Some states choose to go a step further than this by only considering accounts secured with a PIN or password as being worthy of notification. For example, if your debit card number was stolen, the business that let it happen doesn’t need to contact you unless both the number AND the pin were compromised.

In states that have a more advanced view of data security, such as North Carolina and Nebraska, they include biometric information as part of their personal information considerations. Other states, like Missouri, have specific laws on the books that limit the legal portability that is inherent in the overreaching statutes.

Since the majority of health and medical data is protected under the federal Healthcare Insurance Portability and Accountability Act (HIPAA), only a few states include this information in their definition of personal information.

Additionally, some state laws state a limit of personal information a company can have compromised before having to contact their state’s attorney general’s office. This number is variable, but most states agree that anything over 1,000-to-5,000 files lost constitute an offense in which reporting becomes necessary.

Currently, however, the statutes on the books are biased to protect organizations from individual legal reprisals. Qualifications that protect corporate interests include:

  • Encryption: Many states have deliberately put in specific language to protect corporations if information was encrypted by an organization, stolen, and decrypted afterwards. This also goes for redacted information. If it was found that a business worked to secure the data, no breach notification would be necessary.
  • Questionable non-personal information: In various states, questionable information can be included as non-personal information. One example is the last four digits of a person’s social security number. Since the whole number’s integrity remains intact, the organization would not have to file it as having been compromised with the state’s A.G.
  • Good-faith acquisitions: Most states list “good faith acquisitions” as exemptions from standing data breach statutes. A ‘good faith acquisition’ is defined as an event where data is lost or compromised by people employed by the organization where an individual works, or had a working relationship with (like a vendor). Since a co-worker, superior, or vendor is not as likely to misuse or lose personal information, no breach notification is necessary if the event meets this very subjective ‘good faith’ requirement.
  • Risk of harm analysis: Around half of U.S. states have laws that allow an information-holding entity to run a ‘Risk of Harm’ analysis to quantify the risk any compromised personal information has in regards to its use by another party, or potential abuse that information could have in unauthorized transactions. If they find that risk from harm is minimal, the organization doesn't need to notify parties involved.

The fact is that a data breach, regardless of the circumstances surrounding it, can be completely categorized as a negative event. Call the IT professionals at Computerware to find out how we can proactively manage your network to keep threats from affecting your data. Call us today at (703) 821-8200.

Project Management: What You Need to Know
Tip of the Week: How to Print Directly From Your A...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, 20 November 2017

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Internet Cloud Business Management Microsoft Managed Service Provider Software Workplace Tips Backup Business Computing Productivity Hackers Data Saving Money Hardware Business Malware Email IT Support IT Services Hosted Solutions Google Efficiency Quick Tips Smartphones Small Business Gadgets Business Continuity Mobile Devices Computer Mobile Office User Tips Disaster Recovery Network Security Network Virtualization Microsoft Office Server VoIP Windows 10 Miscellaneous Upgrade Social Media Mobile Device Management Windows Unified Threat Management Ransomware Smartphone Android Operating System Remote Computing Passwords Innovation BYOD Communication WiFi Vendor Management Remote Monitoring The Internet of Things Holiday Apps Mobile Computing Marketing History Facebook Collaboration Users Managed IT services Firewall Analytics Apple Data Management Save Money IT Consultant Outsourced IT IT Support Alert Big data Bring Your Own Device Office Health Managed IT Services Phishing Automation Productivity Content Filtering Going Green BDR Spam Virus Browser App Wireless Technology Search communications Budget Windows 8 Lithium-ion Battery Managed IT Tech Support Hard Drives Artificial Intelligence Hiring/Firing Outlook Best Practice IBM Recovery Employer-Employee Relationship Encryption Phone System Update Data Backup Printer Cybersecurity Help Desk Antivirus Internet of Things Gmail Maintenance Information Technology Government Document Management Mobile Device Saving Time Customer Service Humor Law Enforcement Travel Education Data storage It Management Proactive IT Computers Legal Save Time Money Running Cable SaaS Administration Bandwidth Data Recovery Word Black Market Computer Repair Risk Management Password Cost Management Networking Hacker Intranet Telephone Systems Tablet Training Disaster Fax Server Two-factor Authentication Wireless Digital Payment Securty Website Solid State Drive Avoiding Downtime Flexibility PowerPoint Hard Drive Social Networking Mobility Hacking Current Events VPN Twitter Office 365 Windows 10 User iPhone Hosted Solution Business Intelligence DDoS Access Control Uninterrupted Power Supply Compliance Cybercrime Trending Cortana Patch Management Google Maps Business Growth Statistics Monitors Telephony Processors Cloud Computing Downtime Co-managed IT Hack USB Presentation Streaming Media YouTube Project Management Settings Company Culture Unified Communications Inbound Marketing Lifestyle Virtual Desktop End of Support Documents Chrome Programming Heating/Cooling Politics Router Computer Accessories Public Cloud Comparison Customer Relationship Management Retail Augmented Reality Experience Google Docs Laptop Pain Points Text Messaging Scam Automobile Office Tips User Error Excel Paperless Office How To Sports Gaming Console Computing Safety Social Net Neutrality Start Menu Robot Taxes Webcam Software as a Service IT service Network Congestion Virtual Reality Microserver Mobile Technology Music G Suite Upgrades Physical Security Social Engineering Spyware Bluetooth Tablets Analytic LiFi Video Surveillance Saving ZTime Data Security Computing Infrastructure LinkedIn Data Protection Turn Key Mobile Payment Sync cache Deep Learning CCTV Trojan Public Speaking Rental Service Memory Archive Organize Visible Light Communication Debate In Internet of Things Data Loss Entrepreneur Wi-Fi Corporate Profile Assessment HIPAA Point of Contact Emails Business Managemenet Redundancy Electronic Payment Flash Advertising Scalability Thin CLient Data Breach VoIP Google Wallet Consultation Displays Meetings IP Address Human Resources Cabling Private Cloud Administrator Leadership Audit Banking Drones Harddrive Supercomputer Skype File Sharing Emergency Language Worker Permissions Device Management Machine Learning Distributed Denial of Service Computer Care Business Metrics Teamwork External Harddrive Google Drive Storage Writing Employer Employee Relationship switches PDF online Currency Licensing Botnet Get More Done Printing Keyboard Chromebook Electricity Best Available Smart Phones Messenger Product Reviews Printer Server Domains Business Technology eWaste Work/Life Balance Read Cryptocurrency Mouse Computer Malfunction Downloads Shortcut Download WannaCry Value Books Time Management Troubleshooting IT consulting GPS Staffing Environment Cleaning Motion Sickness CIO Google Calendar Competition Microchip Reading Touchscreen Business Owner Upselling Regulations Tracking Webinar Windows XP Ebay 3D Knowledge Society Recycling Micrsooft Web Server Technology Tips Application Hacks Digital Relocation Websites Specifications Workers Pirating Information Adminstration Tech Terms Identity Theft Best Practives Notifications Access Digital Signature Reliable Computing Entertainment Content Management Samsung Television Capital Productuvuty Vulnerability 3D Printing CrashOverride

hp supplies medallionLarge2017