The proliferation of billions of computer and mobile devices and the increasing use of the Internet and wireless networks has caused a data explosion. The number of stored bits of data exceeds the estimated number of stars in the universe and continues to double every 18 months.
In this new digital economy, businesses and their customers rely on the safe use and protection of the data they generate, share, and transmit. Private and sensitive personal information and confidential business information moves through the Internet and numerous wireless and corporate networks, and from one device to another, with a high risk the data will be lost, stolen, or degraded as it is transmitted and stored.
The potential for misuse of sensitive personal information, and negligence in protecting such information, has triggered legislative and regulatory action worldwide. The US has seen a groundswell of state and federal privacy legislation. Federal Data Protection and Privacy Acts and privacy laws in more than 46 different states regulate how data must be handled, stored and protected. More than 700 laws are now in force to help protect the privacy and use of personal information. Virtually every business in every industry is now subject to some form of data protection, retention, and privacy law or regulation. While some industries are more regulated than others, none are immune.
The most common regulations include HIPAA and HITECH; SOX; GLBA; PCI; FISMA; FINRA; UK Data Protection; CoCo; PIPEDA; SEC; NASD; DOD; NARA; FDA; and FRBCCCA. In addition to federal regulation, many US states are adding their own mandates regulating notification requirements following a breach of data security.
Data Breach Legislation Overview
More than 45 state governments have mandated corporate data breach notification laws. Many states have also mandated encryption of sensitive customer data. This trend to address data security, destruction, and encryption has continued to strengthen among state lawmakers, leading many states to reintroduce or amend their legislation in 2010. In addition, Congress is considering the Data Accountability and Trust Act (DATA) (H.R. 2221), which would establish a national breach notice standard that would supersede all state notification laws.
These laws apply to personal information on PCs as well as portable devices such as laptops, smartphones and USB memory sticks that have been lost or stolen.
Non-Compliance: A Risk Companies Can't Afford
The risks are high. Privacy laws vary by jurisdiction, are interpreted unpredictably, and are in a constant state of flux. Even the most well-meaning, conscientious company can make a false step as it captures, uses, transfers and discloses personal information. Penalties for failing to comply with any data protection initiative, whether at the state or federal level, can be severe. Penalties can include heavy punitive fines, injunctions, government audits, adverse publicity and damage to customer relationships, and, in some extreme cases, criminal charges. Today, a data breach that compromises customer information can result in immeasurable damage through lost consumer trust and confidence, and in more than bad headlines; it can end in bankruptcy.
These risks have led a growing number of companies to turn to Skadoit for help in adopting sound privacy and data protection practices, ensuring regulatory and legal compliance, and protecting their competitive advantage. Skadoit is focused exclusively on data protection solutions and related services that help to protect your business and reduce risk. Skadoit can help your business stay compliant and eliminate the headaches of data protection by offering a variety of products and services custom built to meet your specific needs.
Data Compliance Services & Products
- Data Availability, Protection and Security Software-as-a-Service
- Compliance Consulting
- Compliance Planning
- Research of Regulatory Requirements
- Research of Data Protection, Retention and Breach Laws
If your organization has proof that the personal information was protected by use of data loss prevention tools and data was properly encrypted, damages can be contained and notification is not always required. Frequently, companies that meet federal compliance requirements such as those for the Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley (GLB), Health Insurance Portability and Accountability Act (HIPAA) or the Federal Information Security Management Act (FISMA) are also compliant at the state level. Our products and services will help you stay compliant at all times.
Skadoit is dedicated to ongoing research and education concerning strong, auditable security regardless of where data resides to manage risk, protect sensitive data and enable cost-effective compliance. Data security, implemented correctly, can ensure technology investments grow revenue and improve daily operations as intended, while keeping sensitive data compliant.