Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Understanding Data Breaches Is The First Step To Stopping Them

Since the very beginning of the year, over 10 million personal records have been lost or stolen on a daily basis. As a result, chances are high that you or someone you know has been victimized by a data breach. However, since many individuals and businesses are never notified, they may have incorrectly come to the conclusion that they are not at risk. This, unfortunately, is not the case.

In actuality, there is a considerably good chance that your personal information has already been compromised--but the company responsible for losing your information wasn’t required to inform you. This is just one reason why it is critical to understand your rights as outlined in data breach laws. Do you know what information is considered ‘personal’? How many loopholes could a company have used to avoid notifying you of the breach?

Legal Definition of Personal Information
Each state has its own laws that govern how businesses must respond to a data breach, and while there is a consensus on the basic responsibilities these organizations have once data is accessed without permission, there are differing opinions on what constitutes personal information. Two qualifications most jurisdictions agree on are:

  1. First name or first initial and last name
  2. One or more of the following elements: social security number, driver’s license or state ID number, financial account numbers.

Some states go a step further by only considering accounts secured with a PIN or password as being worthy of notification. For example, if your debit card number was stolen, the business that let it happen doesn’t need to contact you unless both the number AND the PIN were compromised.

States that take a more advanced view of data security, such as North Carolina and Nebraska, include biometric information as part of their personal information considerations. Other states, like Missouri, have specific laws on the books that limit the legal portability that is inherent in the overreaching statutes.

Since the majority of health and medical data is protected under the federal Health Insurance Portability and Accountability Act (HIPAA), only a few states include this information in their definition of personal information.

Additionally, some state laws set a limit on how much personal information a company can have compromised before it has to contact its state attorney general’s office. This number is variable, but most states agree that anything over 1,000-to-5,000 files lost constitutes an offense in which reporting becomes necessary.

Currently, however, the statutes on the books are biased to protect organizations from individual legal reprisals. Qualifications that protect corporate interests include:

  • Encryption: Many states have deliberately put in specific language to protect corporations if information was encrypted by an organization, stolen, and decrypted afterwards. This also goes for redacted information. If it was found that a business worked to secure the data, no breach notification would be necessary.
  • Questionable non-personal information: In various states, questionable information can be included as non-personal information. One example is the last four digits of a person’s social security number. Since the whole number’s integrity remains intact, the organization would not have to file it as having been compromised with the state’s A.G.
  • Good-faith acquisitions: Most states list “good faith acquisitions” as exemptions from standing data breach statutes. A ‘good faith acquisition’ is defined as an event where data is lost or compromised by people employed by the organization that an individual works for or has had a working relationship with (like a vendor). Since a co-worker, superior, or vendor is not as likely to misuse or lose personal information, no breach notification is necessary if the event meets this very subjective ‘good faith’ requirement.
  • Risk of harm analysis: Around half of U.S. states have laws that allow an information-holding entity to run a ‘Risk of Harm’ analysis to quantify the risk that any compromised personal information poses with regard to its use by another party, or its potential abuse in unauthorized transactions. If the organization finds that the risk of harm is minimal, it doesn't need to notify the parties involved.

The fact is that a data breach, regardless of the circumstances surrounding it, can be completely categorized as a negative event. Call the IT professionals at Computerware to find out how we can proactively manage your network to keep threats from affecting your data. Call us today at (703) 821-8200.

Saturday, 20 January 2018