Uptime Blog

Comply with New Data Breach Laws, or Pay the Price

Limiting the Cost of a Data Breach

I asked our security officer last week about data breach security. He’s a smart dude, and he rattled off all of our security layers and the changes in global and local laws we have to follow.

If you ask CIOs, data security officers, or CEOs about data breaches, they know the dangers and can wax poetic about redundant infrastructure, encryption, and the cost of service downtime.

It’s important to restore service as soon as possible because when your business is down, it’s not making money and it’s really ticking off your customers. Now, with new legislation in the European Union and other parts of the world, there is a new reason: the government will fine you.

In the EU, the Global Data Protection Regulation goes into effect in 2018. In the United States, the Data Security and Breach Notification Act of 2015 is working its way through the Senate and Congress. Australia is updating existing legislation, and Singapore established tough laws and suggestions in 2015.

Keep your records neat: The EU can fine a company up to 2 percent of global revenue for not having its records in order, not notifying the authorities and the victims about a breach, or failing to conduct impact assessments.

Secure your data: More serious infractions can be fined up to 4 percent, including poor data security and failing to receive explicit consumer consent.

Be honest: The Data Security and Breach Notification Act of 2015 in the United States establishes criminal penalties of a fine, imprisonment for up to five years, or both, for concealment of a security breach that results in economic harm of at least $1,000 to an individual.

Act immediately: Legislation already on the books in Singapore levies fines for not being timely enough in alerting the authorities and victims of a breach, and also for not using proper protocols for consumer data protection.

To learn more about changing laws and regulations and how to overcome the challenges of compliance, read our new white paper, 2016 Communication Best Practices for Data Breaches and Service Outages.
