Lack of Data Privacy and Breach Notification Under Fire
Data breach regulations are making headlines. Lawmakers in various states are beginning to push for their citizens’ rights to data privacy and quick notifications after a breach. North Carolina has seen drastic increases in data breaches over the past 10 years, according to the 2018 North Carolina Data Breach Report. The state has seen security breaches increase by more than 250%, a number that has lawmakers trying to pass legislation that has consumers best interests in mind–and not the organizations who are breached.
The steady increase in data breaches for the state have affected more than 1.9 million of its citizens during 1,057 breaches in 2018. These numbers have prompted legislators to present a bill focused on limiting the time for a business to notify those affected within 30 days of a breach, cutting in half the time HIPAA regulations require for notifications. Other data protections include giving individuals the right to request the data that companies collect on them, also requiring breached companies to provide two years of free credit monitoring to those affected. The report finds the increase in data breaches in NC is a combination of many factors, including an uptick in online scams and the amount of personal and financial data that companies collect on their customers.
Currently, the U.S. does not have federal laws regarding data privacy or limiting the amount of time an organization must notify those affected after a breach. The European Union (EU), however, passed the GDPR, the General Data Protection Regulation, which it began enforcing in 2018. The GDPR has strict guidelines protecting its citizens’ data and sets limits regarding the time within which a breached organization must notify those involved in a breach. There are strict penalties for those who don’t comply, including hefty financial fees for those who don’t follow the rules.
Many U.S. lawmakers are beginning to see the value of imposing guidelines in favor of protecting their citizens in response to increasing data breaches. Right now, protecting victims of breaches is a state-by-state process, with many hoping the U.S. will join the EU in providing all citizens insight into their data collection and limiting response times for breach notifications.
In the meantime, citizens themselves need to be diligent in protecting their own data as much as possible. This means monitor payment card charges and credit reports and reporting anything that is incorrect as soon as possible. Also, it’s wise to limit what information we provide to any organization. If they don’t need it to provide their service, just don’t give it to them. This is the best way to limit what information may be provided to an unwanted party in case of a data breach.