March 10, 2015
Ever since President Barack Obama announced new national cyber security legislation in his State of the Union address, the buzz about the cyber security law moving forward has been positive.
The new Personal Data Notification and Protection Act would likely “legislate a 30-day window for notification, require companies to report certain breaches to the government, and empower the Federal Trade Commission to set and enforce federal data security standards,” according to a report at thehill.com.
It would also supersede (and get rid of confusion caused by) about 47 different state-based notification bills – and that’s what some industry experts are applauding most.
Cyber security news reports indicate that the details of the law are still being debated. For example, how many days should companies get to investigate a breach before they notify consumers? Should all sectors be covered? Will consumers end up being over-notified about exposed data?
But it’s a good idea to start preparing for tighter cyber security now, advises Julie Lockner, Vice President of Market Development at Informatica, a data integration software company. In an article posted at SCmagazine.com, Lockner recommended looking at policies that relate to the FTC’s enforcement practices to see what might be missing in your workplace.
A recent International Association of Privacy Professionals (IAPP) study by the Westin Research Center assessed Federal Trade Commission enforcement actions in dozens of cases. The following data security best practices are based on that information and would help reduce the risk of a breach.
A culture of security is the key to creating trust with internal and external stakeholders. Get started with these document security protocols.