Data Privacy
Overview
Many organizations do not realize that Privacy Legislation has become almost universal. While the word ‘privacy’ may mean many things to many people, there is, in fact, specific information that is consider legally private. While legislation varies from country to country and state to state, there are certain pieces of data that organizations should strongly consider encrypting whether they are legally required to or not. In the event of a public disclosure of a data breach or theft, an organization’s due diligence and foresight will go a long way towards mitigating the severity of the consequences.
If your organization collects and stores any of the following information, you should consider reviewing the privacy legislation for your country and state (or province).
- Social Security Numbers or similar personal identity numbers;
- National Passport numbers and related information;
- Driver’s license numbers and related information;
- First, middle and last names of individuals
- Personal addresses, telephone numbers & email addresses;
- Customer or Patient medical, dental or pharmacy billing information
- Patient Electronic Medical/Health Records (EMRs/EHRs) or Personal Health Records (PHRs);
- Citizen or consumer financial records, tax information or accounting/billing history;
- Citizen legal documents or criminal records;
- Student personal, financial or academic records;
- Any other information that, if made public, would reasonably upset the average citizen or business.
Cost of Non-Compliance
Privacy laws vary widely from country to country and state to state, however, organizations can expect one or more of the following consequences.
- Organizational fines up to $100,000 per violation, directors & officers fines up to $10,000 per violation (GLBA);
- Possible imprisonment of officers & directors up to 5 years (GLBA);
- Organizations may be required to publicly disclose data breaches to individuals harmed by a breach;
- Potential civil litigation may ensue;
- All individuals harmed by a breach may be entitled to compensation.
How Dark Matter Labs can Assist with Compliance
We work closely with businesses and organizations, their Chief Privacy Officers, and security professionals to implement business-wide encryption solutions that identify and encrypt all data required by law and other business needs. By partnering with the software vendors of a wide variety of management tools, such as CRM and ERP programs, we enable businesses to protect their private data seamlessly and cost-effectively. Regardless of your data-encryption needs and business architecture, we can help; and we’d enjoy hearing from you.
We can help in the following ways:
- Identification of vulnerable data and correlation with local & national privacy laws;
- Assessment of existing network infrastructure and ideal implementation of encryption solutions;
- Installation of enterprise-wide encryption solutions;
- Training on installed solutions; and
- Comprehensive, on-going customer support.
Key Regulations & Legislation
For a detailed review of current privacy legislation or issues visit The Electronic Privacy Information Center (EPIC).
- U.S. Federal – The Privacy Act of 1974
- U.S. Federal – Gramm-Leach-Bliley Act (GLBA) at Federal Trade Commission or GLBA at EPIC.org
- U.S. States – Privacy Laws By State at EPIC.org
- U.S. – California SB 1386 – on Wikipedia or on State Government Site. This bill requires organizations to disclose an un-encrypted breach of personal data to California residents.
- U.S. – California AB 1950 – on State Government Site (pdf format). This bill requires businesses that own or license personal information about California residents to maintain reasonable security procedures to protect personal information from unauthorized access, use, or disclosure.
- Canada – The Personal Information Protection and Electronic Documents Act (PIPEDA) or PIPEDAinfo.com
- E.U. – European Data Privacy Directive (Directive 95/46/EC)
Related Industries
For more information contact us at privacy@darkmatterlabs.net
