The increasingly high stakes of data breach notification

Glenn Moore

On Monday, May 16, President Obama released a strategy framework for cyberspace that stresses developing norms of responsible state behavior to promote a secure, open Internet.  Of particular interest to me, was the likely trend of data breach notification.  The drumbeat for simplification and standardization of state laws into a national law is intensifying.  There’s already a dizzying array of different laws regarding data breach notification.  Forty-seven state laws are in place today.  There’s also an extensive docket of proposed state laws. States are delving into more and more aspects of data breach aftermath.  For example, Hawaii has a proposed law that forces a business to pay for a person’s access to credit reports for at least three years in the event of a data breach!

I’m not sure where this will all end, but it’s clear that the stakes for having strong security continue to get higher for small business.   It’s the double whammy.  The “chances” of a breach are increasing due to more threats (quantity and sophistication).  Just ask Sony on that one.  Plus, the “damages” from a breach continue to escalate as financial institutions pass the cost of reissuing credit cards to the merchant and more laws are passed that increase the overall liabilities from a data breach.  It’s now likely that your current and prospective customers will hear about a data breach. So here’s some free advice for small business owners.  Consider spending on security infrastructure as vital as having building insurance!  Seek help from security experts.  Don’t let someone unfamiliar with security threats and compliance tell you that you’re secure.  You don’t have to spend an arm and a leg, but you do need to have effective technology and process in place to prevent a breach.

Helpful Links:

White House International Strategy for Cyberspace
Current State laws for data breach
Pending state laws for data breach
ANX small business security solution