You are here

Cybersecurity and the Importance of Data Privacy

Cybersecurity and the Importance of Data Privacy

Cybersecurity — especially data privacy — is one of the biggest problems facing businesses today. These security problems are compounded because every segment of every industry is affected differently, and each is subject to the risk factors peculiar to that segment. Grouping similar data together based on chosen parameters allows businesses to assess the privacy needs of each data segment they are holding. For example, the protections for public data don't have to be as stringent as the protections for private data.

Protecting the privacy of the data with which they are entrusted is a universal business goal. The best way to get started is to answer the following questions:

  • What types of data does your business have (e.g., credit card information, health information, criminal history, biometrics)?
  • Which departments have access to that data?
  • Who are your data service providers and what are their credentials?
  • Which personnel can access the data?
  • What steps has your company taken to protect the data (e.g., encryption, back-up, internal controls)?

Federal and International Regulations

The United States has no federal law protecting data privacy. A number of states, however, are responding: at least 31 states have already established laws regulating the secure destruction or disposal of personal information. At least 12 states — Arkansas, California, Connecticut, Florida, Indiana, Maryland, Massachusetts, Nevada, Oregon, Rhode Island, Texas and Utah — have imposed broader data security requirements. Other states, including New York, are considering legislation.

California is a pioneer on the data privacy front. The California Consumer Privacy Act of 2018, which goes into effect on January 1, 2020, is similar to the General Data Protection Regulation (GDPR). Companies that do business in California will be affected by this legislation.

At least some of the activity at the state level is in response to the European Union's enactment of the GDPR. Any company doing business in a nation that has adopted the GDPR must comply with its consumer protections regarding data privacy. The GDPR covers many types of data, including the following:

  • Personally identifiable data (e.g., names, addresses, date of births, Social Security numbers)
  • Web-based data (e.g., user location, IP address, cookies, and RFID tags)
  • Health (HIPAA) and genetic data
  • Biometric data
  • Racial or ethnic data

The bottom line is that U.S. businesses operating in multiple jurisdictions must consider these categories, as well as any other categories pertinent to their industry, as they segment the data they are holding. Understanding the data they hold is essential to instituting the right level of privacy safeguards.

Three Steps to Securing Your Data

Understanding your data is the first step to securing data. The second step requires knowing the relevant laws and regulations your business must comply with.

The third step is to stay alert for any indications of a breach. The sad truth is that many data breaches go on for quite a while before they are discovered. The time lapse between hack and discovery allows hackers to continue accessing vulnerable data. That makes constant monitoring an important aspect of any data security program. Watching for the signs of a breach — such as an unanticipated spike in bandwidth usage — can indicate a problem.

By following these three steps, businesses can be sure they are doing their best to protect the data they and their data service providers hold.

Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

Copyright © 2018 IndustryNewsletters. All rights reserved.

Other Blog Articles

Cybersecurity and the Importance of Data Privacy

Cybersecurity — especially data privacy — is one of the biggest problems facing businesses today. These security problems are compounded because every segment of every industry is affected differently, and each is subject to the risk factors peculiar to that segment.

What Is I-9 Employment Eligibility Verification?

It's a typical scenario at businesses around the country: You need to hire staff quickly, and potential employees arrive with great recommendations. They have all the skills and qualifications for their positions.

Special Report: A Quick Introduction to the World of OSHA

Even if employers aren't fully aware of it, the Occupational Safety and Health Administration (OSHA) is something they should learn about – because its rules almost certainly apply to them. The Occupational Safety and Health Act covers many private sector employers as well as their workers.

Know the EEOC: Employment Opportunity for All

Discrimination in the workplace can be a very sensitive topic to bring up. We've all heard of various laws the government creates to keep places of business fair, and most of our jobs tell us about or make us watch videos about workplace equality when we first start.

DOL Rule Called 'End-Run' Around Affordable Care Act

A federal judge has ruled that two parts of the Department of Labor (DOL) rule expanding employers' ability to join in association health plans (AHPs) violate ERISA. AHPs are group health plans sponsored by a group of employers.

Pages

How can we help?

Let Autopaychecks provide you with a single solution to managing payroll, human resources, time tracking and employee benefits.

Phone: 970-245-4244
Email: info@autopaychecks.com

Autopaychecks, Inc.

Providing payroll, human resources, time tracking and benefits solutions for small-to-mid-sized companies.

iSolved Solutions from Autopaychecks
iSolved Network Certified Partner