
Protect sensitive data

With data breaches escalating in frequency and severity over the past several years, many states, including New York, and industry regulation groups have created data privacy guidelines and requirements.

Even in the absence of such regulations, it makes basic business sense to properly protect your sensitive business data because it is the right thing to do for your customers and can prevent some embarrassing publicity for your business.

Several categories included

You may be asking yourself what counts as sensitive data.

As one example, the New York Labor Law Section 203-d broadly defines this to include a Social Security number, home address or phone number, personal email address, Internet ID or password, parent’s surname prior to marriage, or driver’s license number.

More information about New York requirements can be found in “The New York State Consumer Protection Board’s Business Privacy Guide” at www.nysconsumer.gov.

There are special rules for businesses in various industries or circumstances, such as medicine, finance, and any business that transmits credit card numbers to the card processor.

Small businesses vulnerable

In New York, any business that suffers a data breach involving sensitive data is required to report the breach to all affected customers and appropriate state authorities.

The state can assess fines of up to $5,000 for a single violation and $250,000 for multiple violations (a breach involving 500 clients can be considered to be 500 violations).

Small and medium-size businesses (SMBs) may feel they are too small to be a target. But hackers have figured out that small businesses have lots of valuable data, and SMBs are easier to penetrate than large corporations. So hackers troll the Internet, scanning randomly for easy targets. Even fairly small and anonymous businesses should expect their networks to be probed on a constant and unrelenting basis.

According to the New York State Consumer Protection Board’s Business Privacy Guide, every business must be prepared to respond to a breach. “A protocol for the inevitable” should include:

– A response team to coordinate and implement your data breach plan.
– A team consisting of security, privacy and legal experts who know how to contain the breach and make proper notifications to law enforcement and clients.

Author: Greg Miller

Source: http://www.recordonline.com
