Data Breach Laws
Data breaches keep happening. When one does, one of the primary concerns is the customer. Organizations will wonder how much of their data was compromised, how much of it contained personally identifiable information, and what customers need to be told about the breach.
Currently, notifications are required for data breaches, but state laws vary in the information they cover and in what exactly qualifies as an event that requires consumer notification.
Daniel Castro from Govtech suggests that these differing laws should be changed, and even widened to include incidents of data misuse, as occurred recently with Facebook and Cambridge Analytica. This case involved people willingly giving data access to an app, which was then misused and resold for commercial purposes.
One way of working on this issue would be to have a law at the federal level, giving all consumers equal protections across the country. This doesn’t mean there aren’t steps that individual states can take. Castro suggests three things for states trying to craft new data breach laws: that the onus should be on those with first-party data, that a harm analysis should be conducted, and that they disclose steps that ensure third-party partners adhere to their data handling policies.
We talk about data breaches a lot at Extract. This isn’t because we’ve been involved in any, but because we know just how important they are to governments, businesses, and those they serve. We also know that they’re common, and we find ourselves in the position of having organizations come to us to have personal information redacted before it can fall into the hands of potential hackers.
Extract’s automated redaction solution removes personal information from documents with great speed and accuracy to ensure you can focus on what’s important to your organization.
If you’d like to learn more about Extract, please reach out today.