For many internet users, security is a top priority. We cover all the bases by not reusing passwords or sharing them with friends, we are careful to enter our credit card information into only SSL certified sites, and we always log out of our accounts on shared and public computers. And yet, data breaches still happen. Cyber criminals are only just a step behind the latest security measure and its par for the course that some of those breach attempts will be successful. Digital safeguards and common sense internet usage can only protect us so much. So what are we to do in the event of a data breach, especially one that was not our own fault, and how would we even know?
Navigating the United States data breach laws can be confusing. In the event of data breaches, most states require “immediate notification without unreasonable delay,” but “unreasonable delay” looks different for every state. Because each states responsible for setting its own data breach notification laws, there is very little nationwide legislation for data breach notification systems. Even the very definition of what makes a data breach "a security threat" varies among each state. For all intents and purposes however, a data breach is classified as “the unauthorized acquisition of covered information that compromises security, integrity, or confidentiality.” Covered information, that is information that is unique to individuals, typically refers to first and last name or first initial and last name alongside other identifying or compromising information. The combination of a person’s name along with their social security number, username and passwords, or driver’s license card number can wreak havoc in the wrong hands. Even unique biometric data has been known to be stolen, like identifying material such as fingerprints, dental records, and retina or iris images pose a threat to individual security and rights.
This post is brought to you by: Lawlistings Lawyers Directory.
Navigating the United States data breach laws can be confusing. In the event of data breaches, most states require “immediate notification without unreasonable delay,” but “unreasonable delay” looks different for every state. Because each states responsible for setting its own data breach notification laws, there is very little nationwide legislation for data breach notification systems. Even the very definition of what makes a data breach "a security threat" varies among each state. For all intents and purposes however, a data breach is classified as “the unauthorized acquisition of covered information that compromises security, integrity, or confidentiality.” Covered information, that is information that is unique to individuals, typically refers to first and last name or first initial and last name alongside other identifying or compromising information. The combination of a person’s name along with their social security number, username and passwords, or driver’s license card number can wreak havoc in the wrong hands. Even unique biometric data has been known to be stolen, like identifying material such as fingerprints, dental records, and retina or iris images pose a threat to individual security and rights.
Also Read: How Much Data You Need and How to Use Less (infographic)Data breaches are a serious crime, and because it is a crime it often requires in depth investigation from law enforcement. Though these laws are in place to protect the victims of such attacks, sometimes legal investigations can cause an information roadblock so to speak. As a result, notifications of these attacks can be delayed to avoid interference with the investigation or the restoration of the affected system. When cyber criminals catch wind that their actions have been identified the situation can quickly escalate and increase the risk factors for those already affected. Regardless, for most states the parameters of immediate notification fall within just 45 days, though this can vary up to 90 days for states like Tennessee. Alabama, Maryland, and Ohio have very strict laws concerning data breaches, while Kentucky, Mississippi, and Rhode Island are slow to introduce this vital legislation. How victims of data breaches must be notified also varies. Most states call for explicit written notice, but some states will accept telephone and even electronic notifications to reach those affected. Substitute notices may be sent if the cost exceeds a certain value or when the number of affected consumers is greater than a threshold amount. Again, these standards are at the mercy of the state, for example a resident of Indiana must be notified of the data breach within the parameters of Indiana law.
Recommended: Don’t Get Hooked: How to Recognize and Avoid Phishing AttacksGetting all these rules and regulations straight poses a challenge, but familiarizing yourself with you own state’s legislation is an important step for security. When it comes to cyber safety, knowing is half the battle, and knowing which states will protect your rights over corporations’ rights can help limit the damage of data breaches. Take a look at this infographic brought to you by Digital Guardian for a guide to data breach notification standards, where your state stands on legislation, and what you can do to ensure you are notified as quickly as possible in the event of a data breach.
This post is brought to you by: Lawlistings Lawyers Directory.
