Your IT Support Experts - Homepage

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Home

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Support

(703) 359-9211

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Your State Demands Data Security Notifications… Will You Be Notified?

Your State Demands Data Security Notifications… Will You Be Notified?

In the last few months, there have been several high-profile data security breaches that led to the theft of millions upon millions of non-public information records. Though much of the focus in the aftermath of the breaches was on personal identity theft and prevention, it’s imperative to keep in mind that not all the stolen data records target individuals. Organization entities are also at risk. Vendors and partners that you do business with regularly will probably have record of your company’s non-public information, payment information, or tax ID number.


In the wake of the major breach of Equifax that resulted in 143 million records stolen, there have been numerous questions raised about data security and breach notification laws. One of the most troubling issues was the extended delay between when the breach was discovered by Equifax and when the public was notified of the breach. To help clarify how data breach notifications work and why it was technically acceptable for Equifax to wait as long as they did before notifying their customers, there are a few things you should know.

State Laws
Only 47 out of 50 states currently have data breach laws. Alabama and New Mexico have proposed bills regarding data security and notification that are before their state legislature. The only holdout on data breach laws is South Dakota, who has yet to propose a bill of any kind.

Since each state has its own laws on data security, there are no unified standards, and laws vary in each state. For example, New York law requires that notification of a breach should be given in the most expedient time possible and without unreasonable delay. In Wyoming, however, notice of a breach must be reported within a reasonable time that is not to exceed 45 days after the entity learns of the acquisition of personal information. Florida requires notification within 30 days.

However, these notification deadlines aren’t set in stone. Nearly all of the policies stipulate that they will allow the entity to delay notification for cause. Reasons for delay vary from state to state; however, criminal investigations or national security are both common reasons that a delay in notification would be allowed.

Federal Laws
There are currently no comprehensive data breach laws on the federal level. While the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are federally mandated regulations that have data breach policies enforced by the federal government, they are industry-specific. There is no federal law that encompasses a general data security policy.

Since Equifax is a financial institution, it’s required that they adhere to the standards set forth by the GLBA. Unfortunately for about half of American adults, the GLBA does not have a deadline for disclosure. The act merely says that the financial organization should notify the affected party ‘as soon as possible’. Despite waiting 40 days before disclosing the breach, Equifax was following the regulations as outlined by the GLBA.

In addition to having different notification laws for each state, other aspects of data security laws are just as diverse. Each state has different policies on who the law applies to, what constitutes a breach, who must be notified, how they must be notified, enforcement and penalties, and entities exempt from the law.

Are you familiar with data breach notification laws for your state? The National Conference of State Legislatures offers current laws for each state. SMBs should be aware of the data security laws that might affect them and how to handle the situation - regardless of whether they’re the entity that was breached or had their information stolen. The good news is that you don’t have to go it alone. Macro Systems can help you make sure that your non-public information doesn’t go public.

Ransomware: The Smaller The Business, The Larger T...
Windows Ink Adds A Further Element To Your Busines...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, March 28, 2024

Captcha Image

Customer Login


Contact Us

Learn more about what Macro Systems can do for your business.

(703) 359-9211

Macro Systems
3867 Plaza Drive
Fairfax, Virginia 22030