This is taken from the eBook published by iManage and DocsCorp – ‘Managing the inevitable: How to lessen the impact of a data breach.’
Companies are generating, collecting, and storing more information than ever. Today, the biggest challenge they face is securing and managing this information, so it doesn’t end up part of a data breach.
Unfortunately, not every data breach can be prevented. Many are the result of human error, like emailing the wrong person or sharing the wrong file. Phishing attacks are on the rise, and cybercrime is constantly evolving. What is possible, however, is reducing the likelihood of a breach while ensuring that, if one should happen, the damage is minimal.
Regulators are responding with tougher penalties
Governments understand cybersecurity is a huge threat to the safety and privacy of their citizens. They continue to tighten the law for businesses that hold valuable information and impose harsh penalties when it is not properly protected.
US – Nearly all US states are strengthening their data breach notification laws. The California Consumer Privacy Act (CCPA) will go into effect on January 1, 2020. It includes limits on the collection and sale of personal information by businesses, as well as increased rights and protections for consumers. Different industries have their own regulations; the Health Insurance Portability and Accountability Act (HIPAA), for example, covers medical data.
Canada – Organizations subject to Canada’s notifiable data breach law, the Personal Information Protection and Electronic Documents Act (PIPEDA), are obligated to report certain types of privacy breaches.
Europe and the UK – The General Data Protection Regulation (GDPR) completely changed how businesses collect, store and process the personal data of EU citizens. The GDPR obliges data processors and controllers to follow strict security and protection guidelines to ensure personal data is not leaked or disclosed – even accidental exposure is defined as a breach under the new law. Under the GDPR, a company can be fined €20 million or 4% of global revenues, whichever is higher.
Australia – The Notifiable Data Breach (NDB) scheme requires all businesses in Australia that experience a data breach to report it to the regulatory body that oversees enforcement within 30 days.
Continue reading to gain a better understanding of changing regulations and how they affect you. Plus, get up to speed on the ever-changing threat landscape and discover a new approach to lifecycle data protection. Simply request your copy of the free eBook.