Blog

Why You Should Pay Attention to Data Security Notifications

Why You Should Pay Attention to Data Security Notifications

If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn’t even stop there--any vendors or partners you deal with are also in danger of hacking attacks.


The Equifax breach, which resulted in 143 million records being stolen, has many people concerned about their data security and data breach notification laws--and rightfully so. One of the biggest points of contention with the Equifax breach was that it took so long for them to notify the public following the incident. We’re not here to argue the ethics of Equifax’s decision to withhold information on this breach--we just want to make sure that you understand the technicalities behind why it was acceptable for them to wait before notifying their customers.

State Laws
At the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so.

Another issue comes from the fact that these laws are state-exclusive with no unifying standards. Therefore, the laws could be very different from state-to-state. For example, New York’s law demands that notification of a breach should be given as soon as possible and without any unreasonable delay. Wyoming’s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida requires notification within 30 days.

These notification deadlines aren’t necessarily steadfast, either. Did you notice how each of them allows companies to delay notification if there is a valid cause? Depending on the state, there may be various reasons for delay in notification. For example, criminal investigations and national security are both perfectly valid reasons to keep a notification of a breach delayed.

Federal Laws
While there is no data breach law on the federal level, there are various industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways.

Due to Equifax being a financial institution, it’s expected to hold fast to the standards put into place by the GLBA. Since the GLBA doesn’t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong--even if they should have been morally obligated to inform users as soon as possible.

Even though there are different notification laws for each state, there are other aspects of data security laws that vary based on both the industry and the state vs federal level. Every state has different policies regarding who the laws affect, what exactly defines a breach, who must be notified, how they must be notified, how the laws are enforced (and penalized), and who is exempt from the law.

If you need to know more information about the data breach notification laws of your state, the National Conference of State Legislatures offers current laws for each state. Your business needs to know how it will be affected by a data breach. To learn more, reach out to White Mountain IT Services at 603-889-0800.

Related Articles

  • Tip of the Week: Awareness Is Important When Surfing the Web We all love the Internet. We all use it almost every day. For this week’s tip, we’ll review a few ways to help keep yourself from getting in trouble while browsing. Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewha...
  • Signs That Your Business Needs to Upgrade Your Crucial IT Chances are if you are in business today, there are a lot of devices on your network that you haven’t touched in years, might not be using, or don’t even need. Unfortunately, there are times when the technology you have doesn’t really do much other than take up space. If you feel like you are spendi...
  • Could You Spot a Social Engineering Attack? As invaluable as the security solutions that protect a network are, they can be effectively rendered useless if a cybercriminal is skilled in social engineering. Social engineering is the practice of using manipulation to access protected resources, as we will review later. If your business and its ...
  • Here’s How Companies Struggle with IT Security No business can be successful if it’s constantly suffering from data breaches. Therefore, you should take measures to mitigate the issues caused by these threats before they present themselves. Here are four of the biggest issues your business could face in the field of network security. Password...
  • Help! My Staff Hates My Company’s IT! Fellow business owners, do you ever feel like you need to walk around on eggshells when it comes time to implement a new process or policy with your employees? Does it seem like your staff fights back tooth and nail when there is any technology change or IT restriction? You aren’t alone. More oft...
  • A Brief Overview of Network Security The reliance the modern business has on its IT cannot be understated. As a result, to keep their computing network and infrastructure running efficiently, companies need to have a network and cybersecurity policy in place. With the development and use of organizational computer networks with multipl...
With the surge in the number of small and medium businesses that have fallen prey to malware and cyber criminals, there is a lot of focus of what an organization can do to prevent being a victim and how the company should handle themselves after an attack. There is another key factor to preventing cyber criminals from penetrating into your network:...

- Onsite Service Coverage Area -

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH and then down into Boston. From Northern and Central Mass we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

603-889-0800

White Mountain IT Services
33 Main Street Suite 302
Nashua, New Hampshire 03064

 

 padlock1  Cyber Security Toolkit

cloud desktop2 Cloud Desktop Login

Open Positions