Inside TDV - The Data Vault Blog
Is Your Business Ready for a Data Breach?
2017 may go down as the “The Year of Data Breaches.” Organizations large and small fell victim to cyberattacks, malware and hacking. The outlook for 2018 isn’t much better. Identity theft and fraud risks continue to grow. To make matters worse, consumers now have more power to sue companies that fail to protect their data. In this blog, we discuss the implications of a recent federal appeals court personal data ruling and how to reduce your liability exposure.
A Groundbreaking Breach Ruling
August 1st marked a landmark ruling made by the Federal Appeals Court in Washington, DC. In the case Attias v. CareFirst, the court ruled consumers may sue companies that fail to safeguard their personal data. What makes this ruling unique is that it sets a precedent for consumers to sue companies who put them at increased risk of identity theft, even if their personal identifiable information (PII) or personal health information (PHI) is not misused.
As a result, businesses that are breached will be in court more often; some may never recover from exorbitant legal costs. Make a mistake or leave something out when reporting a breach, and it may cost your business thousands of dollars in fines.
Reducing Risk and Liability
So how can you reduce the business risk and financial liability associated with the handling, storage and disposal of your data? Besides implementing reasonable security measures, supplement your data protection strategy with a data privacy compliance and breach reporting service, such as CSR Readiness. You’re given a self-assessment questionnaire that helps identify the areas your business should address regarding PII risks, including:
Best practices and policies are provided to help you comply with state and federal privacy laws and remediate weaknesses in your business. After you implement the privacy protection and readiness policies, you are given a Certificate of Completion that documents your due diligence.
If your business is breached, you have a reliable and trusted partner for reporting loss of PII. The complicated process of mandatory breach reporting to the authorities is handled for you by trained experts certified by the International Association of Privacy Professionals (IAPP). You give them the details of your breach incident and they promptly determine which reports are required and file notices as needed. They also send out notices that meet legal requirements to your affected customers.
While the risk and liability landscape may look bleak in the wake of Attias v. CareFirst, a privacy compliance and breach reporting service like CSR Readiness can help your business mitigate data breach risks and comply with state and federal reporting requirements.
The Data Vault provides data protection and data privacy solutions to businesses in and around Louisville, Kentucky. For more information about our cloud backup services, please call us at 502-443-1752 or complete the form on this page.