Event Archive

Data & Privacy Breach Concerns: What Are Businesses Doing About It?

   

Data privacy and security has transformed from a relatively unknown concern at the turn of the century to the headline-grabbing issue we see today. While high-profile cases drive this new awareness, many small businesses are left with a false sense of security, believing this issue only affects larger businesses.

Contact Info

InTouch Insurance Services

Muhannad Malki

malkim@intouchis.com

16461 Sherman Way., Suite 350
Lake Balboa, CA 91406
(818) 464-4444 ext. 217

NOVATIME TECHNOLOGY, INC.

Scott Rose, Enterprise Sales

scott.rose@novatime.com

1440 Bridgegate Dr., Suite 300
Diamond Bar, California 91765
(909) 895-8100 ext. 152

Questions & Answers:

Q1

Are there special regulations for businesses at high risk of data theft?

A1

HIPAA regulations for PHI are important.

Q2

Are employees’ names and data considered protected data?

A2

Yes, anybody’s personal information is considered protected data.

Q3

Are businesses legally exposed if their employees’ PII or PHI is stolen from company computers or data centers?

A3

Yes, employees’ records are still considered client data.

Q4

Are there sample incident response plans to use as a template?

A4

There are; email Malki for more information.

Q5

Where to find the "training" information about compliant corporate policy? Do you have anything that you can share?

A5

There are quite a few companies that do this on a national level:

Q6

I heard that you recommended changing passwords every three months; however, did you also recommend changing the User ID as well?

A6

Mostly the password. Most user IDs. The password is the most critical. User IDs and passwords are usually stored separately in the system.

Q7

Can an employee be held liable for opening a suspect email?

A7

No, employees cannot be held liable for opening a suspect email.

Q8

You talked really fast about encrypted emails. What's that?

A8

It is a similar process to a dropbox, but it starts with an email exchange.

Q9

We back up our network, but not each employee's PC. If we have a policy for employees to store their data on our network drive, are we still at risk? I can't control those employees that don't follow the rules.

A9

Yes, you are still at risk. Whether it is part of your network or not, it is still considered your data. Both the company and the individual have serious liability.

Q10

Do you have any attorneys that you can recommend?

A10

Yes, please contact Malki.

Q11

Where to find the Federal Trade Commission's website with the recommendations that you mentioned?

A11

Please email Malki. FTC.gov, section for tips and advice, go to the business center and you will see a bunch of information on it.

Q12

We have a hosted service. When a client stops paying for their service, do we still need to keep a backup of their data? I assume we can just destroy their data.

A12

Depends on what data you are backing up. Recommend sending certified mail to ensure they reach it.

Q13

Some fax numbers actually email. Is that the same or just as secure as encrypted email?

A13

Digital fax number. You basically use your faxes over an email. It is not the same as sending a “real” fax.

Q14

What is a safer way to transmit data, fax or encrypted email?

A14

Encrypted email is very secure. Fax takes it a step further, but it is a lot more annoying. As long as you are using a legitimate service.

Q15

Doesn't having your data stored in multiple locations increase your risk of a breach?

A15

Yes, it does, but it depends on what kind of storage we are talking about.

Q16

Are employees' names and pictures considered as protected data?

A16

While an employee’s name is not normally considered personal or protected data (check with your local state and municipality to be sure), it is considered best practice to treat it as such. Photos are squarely classified as protected data.