Thursday, January 29, 2015

30 days' notice is not enough!

President Obama recently proposed a law requiring that companies inform customers within 30 days when personal information, such as Social Security numbers, is exposed. Forty-seven states have data breach notification laws, which vary widely.

Pennsylvania requires that companies notify customers “without unreasonable delay” but the government isn't notified. How does one define “unreasonable delay”? Also, only information in electronic format is covered. Writing your Social Security number on a paper form that isn't shredded could result in your being exposed and you wouldn't be notified.

A recent Pew Poll noted that 91 percent of Americans feel they've lost control of their personal information. Once you share information, will company employees be diligent in guarding your information? According to Experian's Data Breach Resolution group, 80 percent of data breaches are rooted in employee negligence/error.

Read more:
Follow us: @triblive on Twitter | triblive on Facebook