Today, January 28, is International Data Privacy Day. Each day, we share personal and private data. We share our personal data with our banks, our doctors, our employers, our schools, the companies we shop with and even our favorite online social networking sites. Today, I encourage you to think about all of the different institutions and companies that you trust to protect your data. If you operate a small business, think about all of the personal and private data that so many are trusting you to protect.
Protecting Our Own Private Data
Sharing personal and private data is an important decision for each person. We should not share our data without assessing the risks. We should assess which businesses and websites we share information with based on their data protection statements and the data they are collecting. We should make sure that our account information is secured through the use of strong passwords and secure connections. For information on the steps you can take to protect your own data, check out the resources compiled by the United States Computer Emergency Readiness Team in their US-CERT Data Privacy Day post.
Requirements of Businesses for Protecting Private Data
Protecting the personal data of our customers is a major priority for all institutions and companies. Under the current North Carolina state law, the Identity Theft Protection Act of 2005, businesses are required to:
- Protect social security numbers
- Dispose of records in a manner that protects sensitive information
- Institute policies to protect data
- Notify affected individuals in the event of a data breach” (Slipsky)
NC lawmakers are now proposing a new bill that will increase the requirements for businesses to protect private data. The proposed Act to Strengthen Identity Theft Practices (ASITP) came after a rise in data breaches across North Carolina in 2017. In 2018, North Carolina experienced even more: 1,057 data breaches were reported to the Department of Justice throughout the year (Stein). These breaches and many more threats across our state have triggered the need for stronger requirements and greater accountability. Slipsky includes more details about the proposed bill in his article ASITP: A Bipartisan Proposal to Beef Up North Carolina’s Identity Theft Protection Act.
As the new requirements are being fully formed in the proposed bill, I encourage business owners, information officers and managers in North Carolina to review the data protection process and policies you have in place. Consider using the NIST 800-171 standards to help you in your assessment of your current policies. NIST 800-171 defines how to protect data, information, and materials. This set of standards can help you assess and identify gaps in data protection. Are your policies meeting the data protection needs of your customers, suppliers, and others in your supply chain? Contact me if you want to chat more.
Katherine Bennett leads the Instructional Design team for NCMEP partner NC State Industry Expansion Solutions. She also serves as project manager for instructional design services. Katherine plays a key leadership role in supporting the IES goal of providing instructional design and development expertise that complements the field-specific expertise of IES partners, while meeting the learning needs of target audiences. Katherine holds a bachelor’s degree in Computer Science from the University of North Carolina at Charlotte and a master’s degree in Instructional Technology from East Carolina University.
Data Privacy Day. StaySafeOnline. National Cyber Security Alliance. https://staysafeonline.org/data-privacy-day/
Data Privacy Day. United States Computer Emergency Readiness Team. https://www.us-cert.gov/ncas/current-activity/2019/01/22/Data-Privacy-Day
Gul and Slipsky. Data Security Obligations Could be Increased in North Carolina. InfoSecurity. https://www.infosecurity-magazine.com/opinions/north-carolina-obligations/
NIST. Cybersecurity Framework. https://www.nist.gov/cyberframework
Stein, Josh. North Carolina Data Breach Report 2018. North Carolina Department of Justice. https://ncdoj.gov/Files/News/2018-Data-Breach-Report.aspx
Slipsky, Michael. ASITP: A Bipartisan Proposal to Beef Up North Carolina’s Identity Theft Protection Act. Poyner Spruill, LLP. https://www.poynerspruill.com/Publications/ASITP%3A-A-Bipartisan-Proposal-to-Beef-Up-North-Carolina%27s-Identity-Theft-Protection-Act