Delayed-Release Breach
Managed IT services experts in Austin can help keep your company from becoming a statistic. Did you know each state has its own idiosyncratic breach notification laws? In most states, you’re required by law to notify users in the event of a data breach. When you have to make such notifications, the associated costs will determine what means you use to notify affected parties. If you don’t do things right, you’re going to be fined, and those fines can bankrupt you, depending on how big your company was at the time of the breach and how threatening the breach was.
CafePress is a t-shirt company whose headquarters are located in Louisville, Kentucky. Recently, as of February 2019, roughly 23,000,000 users had personal information compromised in a data breach. This didn’t become public until the company forced all users to reset their passwords. This reset came months after the breach. Instead of directly informing clients that their information had been compromised, the company simply forced them to reset passwords. Now breach notification law in Kentucky does have some direct procedures, including:
- Public announcements of breach when over 500,000 people are affected
- Notification of all consumer reporting agencies
- Required notification if fraud or identity theft is likely
Avoiding Collateral Consequences
Now thankfully for CafePress, if they’ve got good lawyers, they may be able to squeak by on this legally. Still, they didn’t directly inform clients of the breach; they just forced a password change. An enterprising prosecutor may be able to jump on that. Other states are a lot more strict in their policies, and if more companies get maligned in Kentucky, you can bet local legislators are going to change the law. When there’s money to be made, laws get changed.
Managed IT services in Austin can be a key component in helping you ensure your business doesn’t get backhanded by a massive data breach which simultaneously incurs penalties. Forcing a password switch is not requisite notification. Sending out messages or making public announcements admitting the breach fits the bill. Also, security must be updated after a breach, and the avenue cybercriminals used must be patched so it can’t be used again.
Additional Consequences
If clients see that you were not only breached but that instead of issuing a formal statement to clients about that breach, you just forced them to change their passwords, then those clients won’t have as much faith in your business. This will likely result in revenue loss. It’s not just systems integrity or legal consequences you’ve got to think about.
Avoiding Unnecessary Fallout from Data Breach
At Contigo Technology, our managed IT services experts in Austin can help you determine which legal requirements define your actions based on your location. Additionally, we can help you pinpoint security weaknesses and fortify them so future breaches are less likely. Contact us now for more information on breach notification law and the best protection measures for your business.