Data Protection Laws and PII's

Data Protection Laws and PII's

Last blog we discussed the overall concept of “Data Protection Laws,” which govern the handling and securing of specific data. While these laws are wide ranging, most of these laws reference Personally Identifiable Information (PII) This “refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” (https://www.gsa.gov/portal/content/104256) For example, if you possess an individual’s first initial and last name and store it with their credit card number, bank account, SSN or driver’s license number, that becomes a PII.

At the Federal level, the United States doesn’t have any overarching and comprehensive data protection laws of the sort that most European nations do, but they do exist and primarily affect individual sectors, such as healthcare. Presently 48 states in the US have some laws requiring private or governmental entities to notify anyone whose data has been breached. In other words, if you possess personal data, you may have a regulatory responsibility to report the breach to both a government entity and the individual victim. Failure to do so may mean you’re in violation of these laws and subject to fines and penalties.

So what does this mean for a small business? You need to be aware of the likelihood that you are regulated by such laws and that you have some responsibility to show that you have taken reasonable measures and put in place procedures to maintain the security and integrity of outside data.

As a responsible business owner, you have an obligation to be aware of any applicable laws, keeping in mind that your client or prospect data may include PII from those in other states or countries. You also have an obligation to protect that data. Keeping up with the best practices for protecting your important data from hackers and data thieves is an important responsibility of every small business. Contact Net DirXions to learn how we can support your business with a complete cyber protection plan.

Are you subject to Data Protection laws?

Are you subject to Data Protection laws?

This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, proscribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation.

Chances are, you are subject to some data protection or data security laws. You are also very likely to be subject to breach notification laws. As a small business you should consider having an audit conducted to determine if you possess data that may be regulated by these laws. Failure to be aware that you are covered by them does not protect you in the event of a data breach.

In our next blog, we will discuss one category of information that is the focus of many data protection laws. This category is referred to as Personally Identifiable Information. When you discover what that includes, it will be pretty apparent why protecting this data is important for the integrity and success of your business.

Using the Cloud to Challenge Big Business

Using the Cloud to Challenge Big Business

Has anyone suggested you begin moving your business to the cloud? Cloud data storage or cloud computing? What is this, anyhow? And isn’t it something for huge companies?

In a previous post we explained what cloud computing is. Simply put, it is the offsite storage of your data, and perhaps even the software packages you use. The primary benefit is pretty straightforward.  It gives you access to enterprise-class technology, pay-as-you-go service.

But is that all it is? There is a much stronger case for a small business to incorporate the cloud in their business model. The cloud allows you to become competitive with the big players in your industry.

The traditional issue holding back small business: they do not have the capital to create the infrastructure to compete with large firms. They are too small to enjoy economies of scale. One obvious area is software and hardware. Historically, the technology used by big business has been out of reach of the little guys. Most SMBs have neither the hardware budget nor internal resources to own a network infrastructure. A small business does not have capital to buy the equipment. Take a simple example: You run a storefront, but think you might be able to sell a bit more if you went online, but you don’t know how much more. You can’t justify the capital to buy the hardware, software, and the labor to design, build, and support it all. The cost of entry to the online world is just too much.

The cloud ends all of that. In simple terms, the cloud lets you rent just as little infrastructure as you need, and then lets you grow as incrementally as you like, paying only for what you use.Essentially, the cloud has become the great equalizer. The high cost of entry created by IT can be eliminated by the cloud.

The Cloud: Are There Security Issues?

The Cloud: Are There Security Issues?

For many, the idea of offloading their data to another physical/virtual location can seem like a security risk. It seems counter intuitive that moving data away from “ home” is safer. But is that really true? Any server stored at your location is probably more physically vulnerable than one protected in a large server farm. If you had a fire, flood, or other physical damage that included damage to your server, what would be the result? Also, are your backups stored on–site? If a major event damaged your entire physical location, those backups would be also lost.

There is a second reason the cloud may be safer: security. All of your data, no matter where it is located, may be vulnerable to cyber attacks and data breaches. However, cloud storage providers probably offer some of the most sophisticated security projection available. It is unlikely that a small or even mid-sized firm has the internal resources and research capacity to maintain an equivalent level of security.

So give some thought to the cloud as tool to preserve your data and the integrity of your business (as an added bonus, it likely will be a money saver, too).