One of the issues President Obama plans to cover during his State of the Union Address today is cybersecurity – and it may be one of the few issues that both Republicans and Democrats will agree on.
The discussion regarding the data security plan seems to concentrate on breach notification. The intention is to make sure consumers are notified in a timely fashion whenever their personally identifiable information is involved in a breach. At this time, breach notification is mostly regulated at the state level. The President will be proposing federal legislation that may or may not be more stringent than current state laws.
One proposed idea, part of the data security plan, is to establish a federally mandated Breach Notification Box which would allow consumers to know an organization’s data safety record up front. While everyone agrees that there needs to be more attention placed on cybersecurity, not just for consumers but for government agencies as well, some wonder whether federal government agencies will be held to the same standards.
In his article on ABCNews.go.com entitled “Obama’s Data Security Plan: Do As I Say, Not As I Do”, Adam Levin states,
“According to a Government Accountability Office report last year, fewer than 30% of federal agencies comply with the proposed Personal Data Notification and Protection Act. The United States Postal Service, the Energy Department, the State Department and a few other agencies of note have suffered significant breaches of highly sensitive personal information over the past few years, and not one of them informed the individuals affected within the stipulated one-month period now advocated by the White House.”
It seems that any organization, including governmental ones, that stores personal information about anyone should be held to the same standards of care with regard to the handling of that information. Unfortunately, retailers like Staples, Target, Wal-Mart, and Home Depot are some of the big-name businesses that have been the victims of hackers, and those hackers put their customers' information at risk. But the risks and responsibilities will increase for all business owners in the future as hackers look to smaller businesses as a way to access larger targets.
A data breach has consequences for businesses, their owners, and their leaders. As one example, the CEO of Target was fired after the company was hacked. Therefore, it is wise for business managers to be proactive and consider their own data security plan rather than wait to see what our government leaders propose. After all, the government still has some figuring out of its own to do!
It’s good business practice to have a data security plan in place, not only for your in-use data-containing devices, but also for those devices that are taken out of service. If you are not sure where to begin or what kind of data security plan is best for your company regarding your old data-containing devices, contact us today.