Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Understanding Data Breaches Is The First Step To Stopping Them

Since the very beginning of the year, over 10 million personal records have been lost or stolen on a daily basis. As a result, chances are high that you or someone you know has been victimized by a data breach. However, since many individuals and businesses are never notified, they may have incorrectly come to the conclusion that they are not at risk. This, unfortunately, is not the case.

In actuality, there is a good chance that your personal information has already been compromised--but the company responsible for losing your information wasn’t required to inform you. This is just one reason why it is critical to understand your rights as outlined in data breach laws. Do you know what information is considered ‘personal’? How many loopholes could a company have used to avoid notifying you of the breach?

Legal Definition of Personal Information
Each state has its own laws that govern how businesses must respond to a data breach, and while there is a consensus on the basic responsibilities these organizations have once data is accessed without permission, there are differing opinions on what constitutes personal information. Two qualifications most jurisdictions agree on are:

  1. First name or first initial and last name
  2. One or more of the following elements: social security number, driver’s license or state ID number, financial account numbers.

Some states choose to go a step further than this by only considering accounts secured with a PIN or password as being worthy of notification. For example, if your debit card number was stolen, the business that let it happen doesn’t need to contact you unless both the number AND the PIN were compromised.

States that have a more advanced view of data security, such as North Carolina and Nebraska, include biometric information as part of their personal information considerations. Other states, like Missouri, have specific laws on the books that limit the legal portability that is inherent in the overreaching statutes.

Since the majority of health and medical data is protected under the federal Health Insurance Portability and Accountability Act (HIPAA), only a few states include this information in their definition of personal information.

Additionally, some state laws set a limit on how much personal information a company can have compromised before it has to contact its state’s attorney general’s office. This number is variable, but most states agree that anything over 1,000-to-5,000 files lost constitutes an offense in which reporting becomes necessary.

Currently, however, the statutes on the books are biased to protect organizations from individual legal reprisals. Qualifications that protect corporate interests include:

  • Encryption: Many states have deliberately put in specific language to protect corporations if information was encrypted by an organization, stolen, and decrypted afterwards. This also goes for redacted information. If it was found that a business worked to secure the data, no breach notification would be necessary.
  • Questionable non-personal information: In various states, questionable information can be included as non-personal information. One example is the last four digits of a person’s social security number. Since the whole number’s integrity remains intact, the organization would not have to file it as having been compromised with the state’s A.G.
  • Good-faith acquisitions: Most states list “good faith acquisitions” as exemptions from standing data breach statutes. A ‘good faith acquisition’ is defined as an event where data is lost or compromised by people employed by the organization where an individual works, or had a working relationship with (like a vendor). Since a co-worker, superior, or vendor is not as likely to misuse or lose personal information, no breach notification is necessary if the event meets this very subjective ‘good faith’ requirement.
  • Risk of harm analysis: Around half of U.S. states have laws that allow an information-holding entity to run a ‘Risk of Harm’ analysis to quantify the risk any compromised personal information has with regard to its use by another party, or the potential abuse of that information in unauthorized transactions. If they find that the risk of harm is minimal, the organization doesn't need to notify the parties involved.

The fact is that a data breach, regardless of the circumstances surrounding it, can be completely categorized as a negative event. Call the IT professionals at Computerware to find out how we can proactively manage your network to keep threats from affecting your data. Call us today at (703) 821-8200.

Saturday, 21 April 2018