A data breach can lead to a very stressful and challenging time for any organization that is targeted; no business wants to be confronted with such a problem and we don’t blame them!
If you experience a data breach, you could be put in a very vulnerable position, risking your reputation and financial state. Data breaches can cause long-term issues that can be difficult to overcome. While we are equipped with more knowledge than ever before in handling data security and protecting our sensitive information, breaches still take place all the time, and usually with little to no warning.
Regular technological enhancements are contributing to improved workplace efficiencies, but at the same time, they are ironically assisting hackers in their ability to discover and attain sensitive, private information. Data breaches mainly stem from the physical loss or theft of devices and documents containing confidential information. If your business creates, shares, or stores sensitive employee information or customer information, you have a legal responsibility to report it when it is known that information has been exposed.
Data breaches typically make major news when they occur, especially if well-known, large corporations are involved. Today, however, data breaches happen so regularly, at companies of all sizes and backgrounds, that it’s impossible to report them all in the media. In 2016, close to 36.6 million records were publicly shared through some form of a data breach.
The potential for a data breach to happen at any given time isn’t all you should be concerned about. Did you know that there are state laws that mandate what processes your business should follow if or when a breach takes place?
In the United States, every state other than Alabama, New Mexico and South Dakota has strict laws in place with such requirements. What do these entail exactly? They are known as security breach notification laws. The National Conference of State Legislatures has a list of breach notification laws that can be reviewed on their website. These laws also set out how companies can make victims aware of data breaches, as well as who is responsible for complying with the laws. Here are some key points in relation to breach notification laws in the US:
- Breach notification laws in the US only pertain to enumerated types of data that are considered private in nature (social security numbers, driver’s license numbers, bank account numbers, etc.).
- Some US legislation requires notification for material breaches only. These are breaches that compromise the security of an individual.
- The shortest time frame to notify victims of a data breach is 10 days. Failure to meet this time frame usually leads to significant penalties against the information-holding party.
- Penalties for not informing parties differ depending on state, and they may also include fines or further action against the party that fails to reply.
It is highly suggested that you have document shredding services in place on an ongoing basis; doing so will do wonders in protecting you from the threats associated with a data breach. If you have secure document shredding solutions in place, you are being proactive in remaining compliant with privacy legislation.
For additional information about our document shredding solutions, please reach out to our team. We are happy to assist you.