Data Breach Legislation Calls For Increased Education

Featured article Patrick Zanella, AVP, Security, Compliance & Product Practice Head at Zensar Technologies

The proposed data breach notification legislation change making its way through the US Congress could have huge impacts on consumers and organizations across the U.S. The proposed changes would override states’ existing data breach notification laws (which are typically stricter than the proposed Federal law) and allow companies to decide whether or not to disclose data breaches to consumers, dependent on if they deem a breach to pose a serious risk to identity theft or fraud. The draft legislation would more than likely make it more challenging for state attorneys general to better protect consumers’ sensitive data. The bill states that businesses and non-profits take “reasonable” measures to protect sensitive data however the bill does not define “reasonable”.

The new proposition is no doubt scary for consumers since it creates a need for increased awareness on multiple levels. First, and most importantly, consumers must be informed of the potential risks and security threats in their daily lives. Strategies such as never clicking a link sent through an email and using “passphrases” instead of passwords will go a long way in preventing personal data from being stolen by cybercriminals. It is widely thought that human error is the number one cause of data breaches – in fact, just last year IBM reported that 95 percent of all security incidents involve human error. Of course, this illustrates a heighted need for increased consumer education.

Second, without robust data breach notification, consumers must be aware of the warning signs that their personal data has been breached. Regularly checking bank statements and being cognizant of when and where personal information was provided will help in identifying the cause of the breach.

In order to prevent data breaches from happening from the onset, it is important that organizations offer continuous security monitoring to ensure that corporate information, and employees’ personal information, is secure. Through a 24×7 threat monitoring solution, businesses have the capability to mitigate emerging threats, block attacks to protect assets and execute clear and actionable alerts against threats. Data breaches can never be prevented entirely, but utilizing a combination of capable technologies combined with best practices implemented by qualified resources, organizations are in a better position to mitigate the impact of data breaches.