Viewing entries in
Cybersecurity

Data Protection Laws and PII's

Data Protection Laws and PII's

Last blog we discussed the overall concept of “Data Protection Laws,” which govern the handling and securing of specific data. While these laws are wide ranging, most of these laws reference Personally Identifiable Information (PII) This “refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” (https://www.gsa.gov/portal/content/104256) For example, if you possess an individual’s first initial and last name and store it with their credit card number, bank account, SSN or driver’s license number, that becomes a PII.

At the Federal level, the United States doesn’t have any overarching and comprehensive data protection laws of the sort that most European nations do, but they do exist and primarily affect individual sectors, such as healthcare. Presently 48 states in the US have some laws requiring private or governmental entities to notify anyone whose data has been breached. In other words, if you possess personal data, you may have a regulatory responsibility to report the breach to both a government entity and the individual victim. Failure to do so may mean you’re in violation of these laws and subject to fines and penalties.

So what does this mean for a small business? You need to be aware of the likelihood that you are regulated by such laws and that you have some responsibility to show that you have taken reasonable measures and put in place procedures to maintain the security and integrity of outside data.

As a responsible business owner, you have an obligation to be aware of any applicable laws, keeping in mind that your client or prospect data may include PII from those in other states or countries. You also have an obligation to protect that data. Keeping up with the best practices for protecting your important data from hackers and data thieves is an important responsibility of every small business. Contact Net DirXions to learn how we can support your business with a complete cyber protection plan.

Are you subject to Data Protection laws?

Are you subject to Data Protection laws?

This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, proscribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation.

Chances are, you are subject to some data protection or data security laws. You are also very likely to be subject to breach notification laws. As a small business you should consider having an audit conducted to determine if you possess data that may be regulated by these laws. Failure to be aware that you are covered by them does not protect you in the event of a data breach.

In our next blog, we will discuss one category of information that is the focus of many data protection laws. This category is referred to as Personally Identifiable Information. When you discover what that includes, it will be pretty apparent why protecting this data is important for the integrity and success of your business.

Data Regulation and your Business: Data Protection Laws

Data Regulation and your Business: Data Protection Laws

Data Regulation and your Business: Data Protection Laws

Small firms are probably aware that there are laws regulating the handling of data, but they probably assume that these apply only to larger firms and that they are too small to have any data that is worthwhile or protected under state/provincial or federal laws. Think again. Data protection laws generally worry about the content of your data, not the volume of it. That is, you don’t need to have “tons” (not the technical term) of data to be to regulated by data privacy laws. If you maintain personally identifiable information (PII) you may be regulated by these laws which may include penalties and fines for non-conformance. PII means you store a person’s first name/initial, last name and then link it to another piece of personal information, such as, but not including:

  • Social Security Number
  • Driver’s license, or state ID
  • Passport
  • Some financial account number, e.g. credit/debit card, checking account, etc.
  • Health insurance ID

You are very likely required to observe regulations regarding protection of that data, and reporting of data breaches.

This isn’t an issue for the faint of heart. Contact Net DirXions your managed service provider with expertise in your specific industry or field of business to make sure you are in compliance. Failure to maintain compliance can lead to some very expensive fines and penalties.

A security hack doesn’t have to mean the end of your company!

A security hack doesn’t have to mean the end of your company!

Statistics are showing that each year over 50% of small firms are victims of a cyber attack or data breach. Why does this matter? Most smaller firms have not prepared business continuity plans to keep their IT infrastructure going in the event of an attack. Failing to do so often leads to the failure of the business. Delaying the creation of a business continuity plan is a bit like a younger person delaying writing a will, on the grounds that they are not likely to die soon. That may be true, but if the worst occurs the consequences can be severe for their heirs.

If the chance of a breach that could compromise your data or cripple your IT infrastructure is over 50%, there is every reason to immediately develop plans for how your business could maintain operation in the event of an attack on your IT systems.

This is an effort that shouldn’t be delayed. Contact Net DirXions, Inc to help you develop a complete and holistic business continuity plan immediately. Your income and your future depends upon it.