A data breach can result in a very stressful and difficult time for any business; no organization wants to be faced with such a thing, and we don’t blame them! If you are affected by a breach, you can wind up at risk financially, and your reputation can take a hit that is hard to overcome. While we are becoming more and more knowledgeable about protecting ourselves from data breaches, they sadly do still occur and can take place out of nowhere with no warning.
Ongoing improvements to technology are without a doubt assisting in workplace efficiency and competence, but at the same time they are unfortunately also helping hackers locate and obtain confidential, private information. This is becoming a regular reality; however, data breaches primarily stem from the physical loss or theft of devices and documents containing private details. If your business circulates and stores sensitive employee information or customer data, you have a legal obligation to report if and when it is known that information has been leaked.
Normally when data breaches take place they make major news, especially if they involve large corporations; today, however, data breaches happen so frequently to companies of all sizes and industries that they don’t always get reported. In 2016, an estimated 36.6 million records were made public through some variation of breach.
The potential for a data breach to take place at any given time isn’t all you should be worried about. Did you know that there are state laws that mandate the steps your business should take following a breach?
In the United States, each state (aside from Alabama, New Mexico & South Dakota) has strict laws in place with such requirements. What are they? Security Breach Notification Laws. The National Conference of State Legislatures has a compiled list of breach notification laws that can be viewed through their website. These laws also set out how companies may inform victims of data breaches, as well as who is obligated to comply with them. Here are some key points in relation to breach notification laws in the US.
- Breach notification laws in the US only relate to enumerated types of data that are deemed quite confidential in nature (Social Security numbers, driver’s license numbers, bank account numbers etc.).
- Certain US laws require notification for material breaches only. These are breaches that compromise the security or privacy of an individual.
- The shortest time frame to inform victims of a data breach is 10 days. Failure to meet these time periods will typically result in severe penalties against the information-holding party.
- Penalties for not notifying parties vary slightly by state, and they may include fines or additional action against the party that fails to respond.
The first such law was announced in California in 2002, and came into effect in mid-2003. The laws established in most other states follow the same basic system as California’s law. The California bill can be reviewed here for more information. A list of the notification bills for other states can be found here.
Do your best to have document shredding services in place on a regular basis, and in turn you will do wonders in protecting yourself from the risk of a data breach. If you have secure document destruction in place, you are doing your part in staying compliant with privacy legislation.
Contact SAFESHRED for further details on our document shredding solutions. We are happy to assist you.