Seemingly every day, there’s news of another data breach. Small to mid-sized businesses are being actively targeted by bad actors. Thinking that you and your company are too small for a coordinated attack is exactly the kind of complacency that hackers rely upon.
To force us to help ourselves, federal and state governments have been enacting a patchwork of data privacy laws. The Health Insurance Portability and Accountability Act (“HIPAA”) of 1996 covers medical and health data. The European Union enacted the General Data Protection Regulation (“GDPR”) in 2016, and the California Consumer Privacy Act (“CCPA”) goes live in 2020.
There are many similarities, as well as many dissimilarities. The purpose of today’s discussion is not to compare and contrast HIPAA, GDPR and CCPA. Today, I am appealing to your complacency. Just because your company doesn’t fall within the enforcement criteria for HIPAA, GDPR or CCPA doesn’t mean you should ignore those laws.
Knowing what you collect, where you store it, and how long you store it is not only good data hygiene for compliance with today’s laws. It positions you to be ready when the next state or federal law that will apply to you comes into being. Plus, cleaning out the stuff you don’t really need, and making a conscious choice about what you’re keeping and where you’re keeping it, hardens your company against targeted data attacks.
Think of good data hygiene like planning for an emergency evacuation. If you have no idea whether your car has enough gas to get out of town, let alone where your loved ones are or whether you have any cash, it will be hard for your family to evacuate on a moment’s notice.
So how can you start your company’s data hygiene plan? Simple: contact Citadel Legal Services and let’s roll up our sleeves and start cleaning things up.