Telesys Voice and Data Blog

Telesys Voice and Data has been serving the Richland Hills area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Should Companies Be Punished for Data Breaches?

We’ve all seen and heard about companies and government departments that have experienced major security and data loss events. Once the event is made public, there is a media frenzy of coverage disclosing answers to questions like: Were your records compromised? How can you protect nonpublic information in the future? What should you do if you are a victim? However, as the media focus moves to another topic, the breach becomes yesterday’s news - and there is very little coverage of what repercussions and penalties those entities that were breached faced - if any.

The United States federal government determined that general data breach events were ‘sectoral’, meaning that each state where at least one victim resides has the jurisdiction to create and enforce laws regarding general data breaches and security. When a breach occurs, offenders are normally required to notify that state's Attorney General, who then determines whether the state will seek further action against the offending party.

The U.S. government has stepped in only so far as to protect two specific categories of nonpublic information: medical information, through the Healthcare Insurance Portability and Accountability Act (HIPAA), and financial information, through the Gramm-Leach-Bliley Act (GLBA). Even though these laws were established in the late 1990s, their application to information technology is still being explored by the court system. Compared to many other types of crime, prosecuting a data breach is still new, with federal courts having just completed a trial for the first time, in 2015.

Other parts of the world have already seen the importance of a unified standard for regulating data protection, breach prevention, investigation, and violation. The European Union has already passed a ‘General Data Protection Regulation’ which goes into effect in May 2018. In addition to giving data protection authorities more power and resources to investigate and enforce the law, the fines for an offending organization are $20 million or 4% of their revenue - whichever is the larger amount of money.

The sectoral responsibility for data security laws has led to some pretty extreme variations in how breaches are handled across the United States. For example, it is at the discretion of the state whether to penalize the offending company per violation (records lost), per series of breaches (all charged as a single breach event), or, as impractical as it sounds, per resident. Furthermore, even if a company is prosecuted for the actions that led to the breach (or inactions in some cases), only four states and the District of Columbia give their Attorneys General the explicit right to collect restitution. Those states are Arkansas, Illinois, Nevada, and Pennsylvania.

Additionally, many states completely bar individuals and organizations from taking independent action against the entity that had been breached, even if said entity is not prosecuted by the state or ordered to pay any type of restitution.

What could be the most severe of all the possible punishments for a data breach is the right of a state to file an injunction against offending businesses, forcing them to freeze operations pending an investigation of the event. For many companies, the losses associated with indefinitely halting production, combined with damage to their reputation, will exceed any fines or restitution ordered by the court.

The good news is that many states have proposed new legislation or adjusted statutes to reflect the increasingly digital climate of the business world. In fact, a few progressive states have already implemented statutes clarifying the exact amount of time allowed before an entity must notify the Attorney General of that state, as well as setting parameters for the maximum number of records stolen before breach notification is required. For example, Rhode Island law compels breached organizations to notify the Attorney General if five hundred or more records are compromised.

The reality is that, for the most part, cybercrime and data loss laws are a bit behind the technology. In many cases, states have found that by the time an act goes through legislation and becomes a statute, the technology that the laws were created for is outdated. After all, if we can access an infinite world of information immediately, perhaps it’s time to reconsider lengthy legislative processes.

What is your opinion on data breach laws? Should the federal government have a general data loss notification policy, or are the states the best choice to determine how to handle a breach?
