KT Connections Blog

KT Connections has been serving the Rapid City area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Understanding Data Breaches Is The First Step To Stopping Them

Since the very beginning of the year, over 10 million personal records have been lost or stolen on a daily basis. As a result, chances are high that you or someone you know has been victimized by a data breach. However, since many individuals and businesses are never notified, they may have incorrectly come to the conclusion that they are not at risk. This, unfortunately, is not the case.

In fact, there is a good chance that your personal information has already been compromised, but the company responsible for losing it wasn’t required to inform you. This is just one reason why it is critical to understand your rights as outlined in data breach laws. Do you know what information is considered ‘personal’? How many loopholes could a company have used to avoid notifying you of the breach?

Legal Definition of Personal Information
Each state has its own laws that govern how businesses must respond to a data breach, and while there is a consensus on the basic responsibilities these organizations have once data is accessed without permission, there are differing opinions on what constitutes personal information. Two qualifications most jurisdictions agree on are:

  1. First name or first initial and last name
    AND
  2. One or more of the following elements: social security number, driver’s license or state ID number, financial account numbers.

Some states choose to go a step further than this by only considering accounts secured with a PIN or password as being worthy of notification. For example, if your debit card number was stolen, the business that let it happen doesn’t need to contact you unless both the number AND the PIN were compromised.

States that have a more advanced view of data security, such as North Carolina and Nebraska, include biometric information as part of their personal information considerations. Other states, like Missouri, have specific laws on the books that limit the legal portability that is inherent in the overreaching statutes.

Since the majority of health and medical data is protected under the federal Health Insurance Portability and Accountability Act (HIPAA), only a few states include this information in their definition of personal information.

Additionally, some state laws set a limit on how much personal information a company can have compromised before it has to contact its state attorney general’s office. This number varies, but most states agree that anything over 1,000-to-5,000 files lost constitutes an offense in which reporting becomes necessary.

Currently, however, the statutes on the books are biased to protect organizations from individual legal reprisals. Qualifications that protect corporate interests include:

  • Encryption: Many states have deliberately put in specific language to protect corporations if information was encrypted by an organization, stolen, and decrypted afterwards. This also goes for redacted information. If it was found that a business worked to secure the data, no breach notification would be necessary.
  • Questionable non-personal information: In various states, questionable information can be included as non-personal information. One example is the last four digits of a person’s social security number. Since the whole number’s integrity remains intact, the organization would not have to file it as having been compromised with the state’s A.G.
  • Good-faith acquisitions: Most states list “good faith acquisitions” as exemptions from standing data breach statutes. A ‘good faith acquisition’ is defined as an event where data is lost or compromised by people employed by the organization where an individual works, or by a party it has a working relationship with (like a vendor). Since a co-worker, superior, or vendor is not as likely to misuse or lose personal information, no breach notification is necessary if the event meets this very subjective ‘good faith’ requirement.
  • Risk of harm analysis: Around half of U.S. states have laws that allow an information-holding entity to run a ‘Risk of Harm’ analysis to quantify the risk that any compromised personal information will be used by another party or abused in unauthorized transactions. If they find that the risk of harm is minimal, the organization doesn't need to notify the parties involved.

The fact is that a data breach, regardless of the circumstances surrounding it, can be completely categorized as a negative event. Call the IT professionals at KT Connections to find out how we can proactively manage your network to keep threats from affecting your data. Call us today at 605-341-3873.

 
