Data breaches cause irreparable damage to an organization—from the high cost of notifying customers that their identity has been compromised, to the even higher costs of lost customer confidence and business. While you can take proactive action to reduce the likelihood of a data breach, no business is immune from the threat.
A law in Illinois is setting a new standard. Keep reading to learn how this important legislation may impact your business.
Nearly all 50 states have laws around when the government or businesses must notify an individual in the event of a breach of their personally identifiable information. In most cases, personally identifiable information is defined as a name, combined with a driver’s license number, financial account numbers and/or Social Security number. Requirements for notice and other provisions vary by state, and include parameters such as when the notification must be delivered, and who must be notified in the event of a breach. Breach notification remains one of the most active areas of the law due to the near-constant change in the digital landscape.
There are differences in the notification laws by industry, with the strictest existing for banks, financial institutions and medical facilities that maintain patient information. Organizations that store large amounts of aggregated customer data are prime targets for cybercriminals.
The additional perceived impact on an individual’s life requires some organizations to take proactive measures to notify them in the event of a breach of any scale.
While new legislation in Illinois helps consumers recover from a data breach more quickly, it may actually open them up to more phishing schemes. How can something meant to help consumers end up harming them?
Part of the new Illinois legislation demands organizations send an email to potential victims of identity theft to let them know that there’s been a breach. Ironically, this type of email can easily be spoofed by cybercriminals, potentially leading consumers to fake sites that ask for personally identifiable information. Instead of notifying the consumer of a breach, the phishing scam may be the breach itself!
Personally Identifiable Information
In Illinois, personally identifiable information was considered to be specific data such as names, account information and financial records. However, the law has now been expanded to include biometric data such as fingerprints or stored blood samples.
Loss of personally identifiable data or material is now treated the same way as any other data breach, and requires a rapid notification from the breached organization to the consumer or patient.
The Benefits of a Quick Notification
Printed mail is relatively fast and can provide customers with notification of a data breach within only a few days. However, within those few days, credit card numbers can be sold to others, thousands of dollars of goods and services can be charged to a card, and personally identifiable information can be used to fraudulently open false accounts.
This new legislation in Illinois attempts to combat these challenges by providing a few additional, but critical, days to help victims cancel credit cards before they’re used.
A quick notification cycle from your organization clearly communicates to consumers that you are actively engaged in curtailing a data breach, and that you’re looking for ways to cure the problem. Even a few days of silence is problematic, especially if your customers are hearing about your business’s huge data breach on the news.
There’s a strong likelihood that customers will repeatedly call your office to determine if their records were a part of the breach. This research and review process can overwhelm staff members already working hard to ensure that a breach doesn’t happen again.
While no one wants to be the victim of identity theft, legislation such as that recently introduced in Illinois can help your organization by prompting you to notify customers sooner and preserving this important relationship.
Want to learn more about cybersecurity and how to keep your organization safe? Contact ClearPath IT Solutions at (309) 263-5600 or at sales@clearpathIT.com. Our security professionals will ensure that you’re taking all possible precautions against what could be a disastrous data breach.