Like most days, I began my Tuesday morning (yesterday) by watching the news and surfing my favorite sites and apps for what is going on in the world today. To my friends, family and all others out east, be safe and help others in any way possible. From the “Sandy Storm Tracker,” it looks like things are pretty rough, but I know everyone out east will pull together like our country always does. Best wishes to all. Ok, now back to my news surfing. At about 5:30am, I noticed an article from the Montgomery Advertiser in Alabama. It appears that another hospital has had a Data Breach. This article indicated that an individual obtained more than 800 names, social security numbers and dates of birth from the hospital. Based on the article, it appears that this information was then sold with the ultimate attempt to utilize the information in a tax fraud scheme.
TREND #1 – The Rise of Small Company Breaches. In today’s news world, we often hear of catastrophic national news. For example, many people have heard of the larger data breaches such as Sony PlayStation Network – 100 million customer accounts or Zappos – 24 million customers. There has been a stigma of “only large companies are subject to data breaches.” WRONG! Today’s global economy has flattened. Smaller organizations are equally at risk for Data Breach or “Cyber Liability” risk and this risk is expensive. For example, a breach of 1,000 records could yield a cost of $200,000.
TREND #2 – The New 3 R’s. New Risks, New Regulations, & New Responsibility.
- New Risks – with the constant state of change of technology, new threats are created daily if not hourly. This means your insurance policies, electronic disaster recovery plan, and IT services must be in a state of constant updating.
- New Regulation – Regulation is in a constant state of change. Employers must stay on top of changes to HIPAA, Red Flag Rules, Individual State – Breach Notification Requirements, Gramm-Leach-Bliley, etc… How is your team receiving your updates?
- New Responsibility – It is becoming clearer and clearer that it is the company’s responsibility to protect and guard secure data such as Personal Health Information (PHI) | Personally Identifiable Information (PII). This responsibility not only includes your customers | clients, but also your staff.
TREND #3 – Need for a Chief Privacy Officer (CPO). Why, What, & How:
- Why – Privacy issues can put you out of business in three easy ways: Direct cost to manage the event, Reputational damage – loss of clients, & Loss of key employees/staff due to a privacy breach. If managed well, it can become a unique strength of an organization.
- What – According to Wikipedia – The Chief Privacy Officer (CPO) is a senior level executive within a business or organization who is responsible for managing the risks and business impacts of privacy laws and policies.
- How – Develop a job description. Depending on your business, determine if this is a full time position or if it is a job responsibility of another person, such as compliance, risk, etc…
Cyber Liability – Data Breach – Network Security Risk creates significant liabilities for businesses today. In a report by RedSpin, there was a 97% increase in total records breached, 2010-2011. For more information on Cyber Liability Insurance, Development of a Chief Privacy Officer job description, or Audit on your existing Cyber Liability Risk, contact Kelly Reed | 906.315.7227 | firstname.lastname@example.org.