This week, Obama addressed the nation with a new data breach notification bill. Although breach notification is a major part of this bill, the president also mentioned file encryption. The White House bill provides businesses with safe harbor by exempting them from the individual notice requirements if a risk assessment concludes that “there is no reasonable risk that a security risk has resulted in, or will result in, harm to the individuals whose sensitive personally identifiable information was subject to the security breach.” If the data is unusable, unreadable, or indecipherable, there is a presumption that there is no reasonable risk. If a business makes this determination, it must notify the Commission of the results and its decision, in writing, within 30 days.
In addition to this bill, the New York Attorney General intends to propose a bill that would expand his state’s definition of personal information to include email and passwords. The proposed expanded definition of private information would also include data about a consumer or employee’s medical history, health insurance information or biometric data.
The expanded definition would go beyond a standard adopted in California in 2013 that also requires companies to notify consumers if their email addresses and passwords are stolen or hacked. Last summer, Florida stiffened its breach notification requirements as well.
Here, though, is the part that all organizations in New York should pay attention to:
“The New York bill would reward businesses for taking steps to protect personal information and cooperating quickly with New York authorities in the event of a breach. It would provide them some protection from liability in civil lawsuits if they can demonstrate having taken adequate steps to protect private information from being hacked or inadvertently released.”
From President Obama’s notification bill to the New York Attorney General’s push for stronger protection for personal information, organizations must be ready to face much more severe consequences now that this is coming from both the federal and state levels.
To keep personal information secure, the data must be protected no matter where it goes. Fasoo Enterprise DRM (Digital Rights Management) prevents the exposure of sensitive and confidential data through encryption. It protects, controls and traces this information no matter where it is. Isn’t it important for consumers and organizations to know that they will be in line with the upcoming bills and laws?
Don’t slack on this part of your spending, and ensure that this kind of information is secure for your own good. Let your CEO get a better night’s sleep.
Photo Credit: dannymac15_1999