Data breaches occur; it is a fact of life that we must live with. We can, however, prepare and minimize damage by following state laws that require data breach notifications. All 50 states, the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands require an organization to notify others when a breach has occurred. These state laws apply not only to companies that own a consumer’s personal information, but also to organizations that maintain or control personal information they do not own.
While most notification laws have similar aspects, there are plenty of differences. A one-size-fits-all approach often will not suffice. Below is a list of elements and questions to ask when examining your state’s breach notification laws to keep your data breach response plan up to date.
What is Considered a Data Breach?
A data breach is the intentional or unintentional release of confidential, private, or secured data to an untrusted entity. Information such as credit card numbers, social security numbers, Personally Identifiable Information, Personal Health Information, and bank account information are common targets in a data breach. Typically, data breaches occur for monetary gain and happen right under our noses.
How does your state define personal data?
In the event of a data breach, it is often ‘personal information’ that triggers a data breach notification. Most state laws use a common definition of personal information: any information that consists of a consumer’s name and at least one of the following: Social Security number, driver’s license number, or any financial information. It is crucial that businesses put some sort of policy or regulation in place governing how their workers safeguard this information, as a failure to do so could come back to harm the company.
What triggers a breach notification in your state?
Security breach notification laws have been implemented in all 50 states in the United States of America. Security breach laws typically have provisions regarding who is required to comply with the law. A notification is triggered only if it is believed that the unauthorized access of personal information will lead to harm to the consumer.
How are you allowed to notify consumers of a possible breach?
There are many methods by which consumers can be notified of a personal information breach. Many states allow notification via telephone, while some permit email notification. The most accepted form of notification is through a written letter. Depending on the size of the data breach, a public announcement must be made as well using various media outlets.