Understanding Data Breaches Is The First Step To Stopping Them

Since the very beginning of the year, over 10 million personal records have been lost or stolen on a daily basis. As a result, chances are high that you or someone you know has been victimized by a data breach. However, since many individuals and businesses are never notified, they may have incorrectly come to the conclusion that they are not at risk. This, unfortunately, is not the case.

In actuality, there is a good chance that your personal information has already been compromised, but the company responsible for losing your information wasn’t required to inform you. This is just one reason why it is critical to understand your rights as outlined in data breach laws. Do you know what information is considered ‘personal’? How many loopholes could a company have used to avoid notifying you of the breach?

Legal Definition of Personal Information
Each state has its own laws that govern how businesses must respond to a data breach, and while there is a consensus on the basic responsibilities these organizations have once data is accessed without permission, there are differing opinions on what constitutes personal information. Two qualifications most jurisdictions agree on are:

  1. First name or first initial and last name
  2. One or more of the following elements: Social Security number, driver’s license or state ID number, financial account numbers.

Some states choose to go a step further than this by only considering accounts secured with a PIN or password as being worthy of notification. For example, if your debit card number was stolen, the business that let it happen doesn’t need to contact you unless both the number AND the PIN were compromised.

States that have a more advanced view of data security, such as North Carolina and Nebraska, include biometric information as part of their personal information considerations. Other states, like Missouri, have specific laws on the books that limit the legal portability that is inherent in the overreaching statutes.

Since the majority of health and medical data is protected under the federal Health Insurance Portability and Accountability Act (HIPAA), only a few states include this information in their definition of personal information.

Additionally, some state laws set a limit on how much personal information a company can have compromised before it has to contact its state attorney general’s office. This number is variable, but most states agree that anything over 1,000-to-5,000 files lost constitutes an offense for which reporting becomes necessary.

Currently, however, the statutes on the books are biased to protect organizations from individual legal reprisals. Qualifications that protect corporate interests include:

  • Encryption: Many states have deliberately put in specific language to protect corporations if information was encrypted by an organization, stolen, and decrypted afterwards. This also goes for redacted information. If it was found that a business worked to secure the data, no breach notification would be necessary.
  • Questionable non-personal information: In various states, questionable information can be included as non-personal information. One example is the last four digits of a person’s social security number. Since the whole number’s integrity remains intact, the organization would not have to file it as having been compromised with the state’s A.G.
  • Good-faith acquisitions: Most states list “good faith acquisitions” as exemptions from standing data breach statutes. A ‘good faith acquisition’ is defined as an event where data is lost or compromised by people employed by the organization where an individual works, or by someone the organization had a working relationship with (like a vendor). Since a co-worker, superior, or vendor is not as likely to misuse or lose personal information, no breach notification is necessary if the event meets this very subjective ‘good faith’ requirement.
  • Risk of harm analysis: Around half of U.S. states have laws that allow an information-holding entity to run a ‘Risk of Harm’ analysis to quantify the risk that any compromised personal information poses, whether through its use by another party or through its potential abuse in unauthorized transactions. If it finds that the risk of harm is minimal, the organization doesn't need to notify the parties involved.

The fact is that a data breach, regardless of the circumstances surrounding it, can be completely categorized as a negative event. Call the IT professionals at Computerware to find out how we can proactively manage your network to keep threats from affecting your data. Call us today at (703) 821-8200.

Tuesday, July 17, 2018