Monthly Archives: May 2014

5 Things You Need to Know about Privacy Breach Notifications

Recent high-profile data breaches, such as those that occurred at Neiman Marcus and Target, have brought privacy breach notification laws into public debate.  In the event that your company’s secure information is compromised, it is important to understand privacy breach notification laws and standards.

Privacy Breach Notification Regulations are Under Review

Across the world, privacy breach notification laws are being updated and amended to keep up with the times.  In the United States, for example, federal standards are being discussed, but  each state may also have its own rules.  Furthermore, some states do not even have their own regulations, and laws and procedures regarding privacy breach notification standards vary depending on where your business is located. Be sure to know the regulations and standards for your own country or state.

What is Privacy Data?

The private information that your company may possess includes customer names in combination with account numbers, driver's licenses, or social security numbers, although this changes from state to state and from country to country. Most laws require your business to inform customers, employees, and other stakeholders when their private information has been compromised. What is considered private information, and the timeframe in which customers must be informed of the breach, vary from law to law.

A Privacy Data Breach Has No Borders

Many companies collect data from customers across the globe.  If a privacy breach crosses state lines or international borders, your company may need to comply with multiple standards. Failure to comply may lead to fines and penalties, in addition to customer disapproval. California laws, for example, impose fines up to $3,000 for failure to comply and criminal penalties for companies that try to conceal privacy breaches.

Privacy Breach Notification is a Local and Global Issue

From the European Union to Australia, governments are working to address the issue of Privacy Breach Notifications.  For example, the United States federal government is currently reviewing national standards, and the Senate has proposed the Data Security and Breach Notification Act.

How to Minimize the Risks of a Privacy Data Breach

Due to the variety of standards and regulations regarding privacy breach notification, it is important to know the guidelines or to contact an IT Security expert in the event of a privacy data breach. Rapidly detecting the data breach and having a protocol to inform those affected by a security breach promptly are some good first steps if a privacy breach does occur. Another option is to contact your IT Service professional to put a plan in place to minimize the risks of a privacy data breach.

Avoiding Downtime by Having a Business Continuity Plan

Companies small and large are increasingly reliant on their IT systems and infrastructure. Having a Business Continuity plan is a proactive way of avoiding unnecessary downtime due to a disaster, human error, or security breach. Not only may downtime cause data loss, but according to Gartner Research, a conservative estimate of the cost of downtime for a computer network is $42,000 per hour. For a small business without a Business Continuity plan, such downtime could have long-term crippling implications.

In case of natural disasters or IT outages, it is important to be able to calculate risks and financial losses caused by downtime in order to best allocate IT resources to get your business back online quickly. Below are suggestions for putting downtime for your computer network in perspective.

Downtime of your Computer Network and Your Business Continuity Plan

There are many factors that contribute to losses caused by downtime. These factors include employee productivity, financial losses, fines, legal fees, loss of revenue, and loss of goodwill. Whether it is inventory sitting on trucks, invoices that don’t go out, or cash registers that stop ringing, it is important to understand which applications and data are most important to bring back quickly. By identifying the systems that are most important to keeping your doors open, you will quickly realize where the highest risk of downtime is in your business.  Also note that losing sensitive data, such as credit card information, may attract heavy fines and loss of reputation in addition to lost revenue.

How to Avoid Downtime With Your Business Continuity Plan

To avoid the disastrous effects that downtime can have on your business, having a business continuity plan is crucial. A business continuity plan is a set of guidelines, systems, policies, and procedures that are designed to set your business back on track in the event of a disaster. These plans should include details on backing up applications and their data, with an emphasis on system recovery.

Downtime may not only result from a natural disaster but also from hardware failures, human error, or cyber attacks. Because of the many causes of downtime, it is important to periodically test your backup and recovery scenarios to make sure you can bring your systems up in a timely manner.  For disaster scenarios, also consider training employees on protocol in an emergency situation.

Understanding the effects that a disaster can have on your company is extremely important. In order to prepare your business for a disaster, it is necessary to analyze the costs and risks associated with downtime of your critical applications and their data. Having a proactive business continuity plan will save your business money, and may save your business.