You are here

Cybersecurity and the Importance of Data Privacy

Cybersecurity and the Importance of Data Privacy

Cybersecurity — especially data privacy — is one of the biggest problems facing businesses today. These security problems are compounded because every segment of every industry is affected differently, and each is subject to the risk factors peculiar to that segment. Grouping similar data together based on chosen parameters allows businesses to assess the privacy needs of each data segment they are holding. For example, the protections for public data don't have to be as stringent as the protections for private data.

Protecting the privacy of the data with which they are entrusted is a universal business goal. The best way to get started is to answer the following questions:

  • What types of data does your business have (e.g., credit card information, health information, criminal history, biometrics)?
  • Which departments have access to that data?
  • Who are your data service providers and what are their credentials?
  • Which personnel can access the data?
  • What steps has your company taken to protect the data (e.g., encryption, back-up, internal controls)?

Federal and International Regulations

The United States has no federal law protecting data privacy. A number of states, however, are responding: at least 31 states have already established laws regulating the secure destruction or disposal of personal information. At least 12 states — Arkansas, California, Connecticut, Florida, Indiana, Maryland, Massachusetts, Nevada, Oregon, Rhode Island, Texas and Utah — have imposed broader data security requirements. Other states, including New York, are considering legislation.

California is a pioneer on the data privacy front. The California Consumer Privacy Act of 2018, which goes into effect on January 1, 2020, is similar to the General Data Protection Regulation (GDPR). Companies that do business in California will be affected by this legislation.

At least some of the activity at the state level is in response to the European Union's enactment of the GDPR. Any company doing business in a nation that has adopted the GDPR must comply with its consumer protections regarding data privacy. The GDPR covers many types of data, including the following:

  • Personally identifiable data (e.g., names, addresses, date of births, Social Security numbers)
  • Web-based data (e.g., user location, IP address, cookies, and RFID tags)
  • Health (HIPAA) and genetic data
  • Biometric data
  • Racial or ethnic data

The bottom line is that U.S. businesses operating in multiple jurisdictions must consider these categories, as well as any other categories pertinent to their industry, as they segment the data they are holding. Understanding the data they hold is essential to instituting the right level of privacy safeguards.

Three Steps to Securing Your Data

Understanding your data is the first step to securing data. The second step requires knowing the relevant laws and regulations your business must comply with.

The third step is to stay alert for any indications of a breach. The sad truth is that many data breaches go on for quite a while before they are discovered. The time lapse between hack and discovery allows hackers to continue accessing vulnerable data. That makes constant monitoring an important aspect of any data security program. Watching for the signs of a breach — such as an unanticipated spike in bandwidth usage — can indicate a problem.

By following these three steps, businesses can be sure they are doing their best to protect the data they and their data service providers hold.

Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

Copyright © 2018 IndustryNewsletters. All rights reserved.

Other Blog Articles

State Law Affects FMLA Eligibility

The federal Family Medical Leave Act allows eligible employees to take up to 12 weeks of unpaid job-protected leave in a 12-month period for specific reasons, including to care for a newborn, an adopted child or a family member who has a serious health condition.

Is This Your Situation: Performing Background Checks for Small Businesses

With the average cost per hire in the United States hovering over $3,000, making a hiring mistake can be an expensive proposition for a small to midsize firm.

The 2018 Tax Wrap-Up

The tax reform passed at the end of 2017 runs to about 70,000 words.

Learn the Difference Between Pretax and After-Tax

Pretax deductions are subtracted from employees’ wages before taxes are taken out, thereby lowering their taxable wages and increasing their take-home pay.

New Disability Claims Rule for Welfare Benefit Plans

On December 19, 2016, the U.S. Department of Labor announced a new rule updating the process for reviewing claims and appeals for disability benefits covered by ERISA. Initially, the final rule was supposed to apply to all claims filed on or after January 1, 2018.

Pages

How can we help?

Let Autopaychecks provide you with a single solution to managing payroll, human resources, time tracking and employee benefits.

Phone: 970-245-4244
Email: info@autopaychecks.com

Autopaychecks, Inc.

Providing payroll, human resources, time tracking and benefits solutions for small-to-mid-sized companies.

iSolved Solutions from Autopaychecks
iSolved Network Certified Partner