Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Always Be Aware of Data Security Notifications

If you’ve watched the news lately, you may have seen the Equifax breach and the absurd fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s vital to realize that cyber criminals usually aren’t targeting your specific credentials. Because businesses often hold onto valuable information, they have large targets painted on them. It doesn’t stop there--any vendors or partners you deal with are also in danger of cyber attacks.


The Equifax breach, which resulted in 143 million records being stolen, has many people worried about their data security and data breach notification laws--and with good reason. One of the largest points of contention with the Equifax breach was that it took so long for them to notify the public after the incident. We’re not here to dispute the ethics of Equifax’s decision to withhold information on this breach--we just want to make sure that you comprehend the technicalities behind why it was acceptable for them to wait so long before notifying their customers.

State Laws
At the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so.

Another problem arises from the fact that these laws are state-exclusive with no unifying standards. Thus, the laws could be very different from state-to-state. For example, New York’s law stipulates that notification of a breach should be given as soon as possible, without any unreasonable delay. Wyoming’s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida demands notification within 30 days.

These notification deadlines aren’t necessarily steadfast, either. Notice how all of them allow companies to delay notification if there is a valid cause. The accepted reasons for delay vary by state. For example, criminal investigations and national security are both valid reasons to delay notification of a breach.

Federal Laws
While there is no data breach law on the federal level, there are numerous industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways.

Because Equifax is a financial institution, it’s expected to uphold the standards put into place by the GLBA. Since the GLBA doesn’t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong--even if some will argue they should have been morally obligated to inform users as soon as possible.

Notification deadlines aren’t the only thing that differs from state to state. Other parts of data security law also vary by industry and between the state and federal level. Every state has different policies regarding who the laws affect, what exactly defines a breach, who must be notified, how they must be notified, how the laws are enforced (and penalized), and who is exempt from the law.

If you need to know more information about the data breach notification laws of your state, the National Conference of State Legislatures offers current laws for each state. Your business needs to know how it will be affected by a data breach. To learn more, reach out to Macro Systems at 703-359-9211.
