What are Reporting Requirements After a Data Breach?
We’ve previously discussed the importance of encrypting your data by enabling BitLocker on your organization’s devices.
Not only is it a free service that protects against unauthorized access and data breaches, but it complies with data protection regulations and is easy to set up.
The only downside, albeit a minor one, is that your employees will have to enter a six-digit PIN to log on to their computer in addition to the Microsoft password they must enter each time the computer is turned on.
It’s a small inconvenience to protect your data against unauthorized access.
Not only will encrypting your data make it much harder for attackers to steal your sensitive information, but it may save you from publicly reporting the breach.
Reporting Requirement Laws Vary by State
The need to report a data breach depends on location and the breach’s potential impact. For instance, under Michigan’s Identity Theft Protection Act of 2004, reporting isn’t necessary if the breach isn’t expected to cause significant harm or lead to identity theft.
However, there are exceptions:
- Unencrypted Data Breach: If an unauthorized person gets access to personal information that isn’t encrypted, you must report the breach.
- Encrypted Data Breach: Even if the data is encrypted, a report may still be needed if someone unauthorized obtains the encryption key and accesses the information.
In short, you don’t need to report a breach if the data is encrypted and unlikely to cause harm or identity theft. But if the data is unencrypted or improperly accessed despite encryption, you must notify those affected.
In the grand scheme, these laws are relatively young, and because they are quite complex and technology is constantly changing, you should work with a lawyer who knows your state’s laws for responding to a data breach.
Save Yourself the Trouble: Encrypt Your Data
Encryption can often exempt you from reporting breaches. Consider two scenarios when explaining a potential compromise to customers:
- Scenario A: Admitting a lack of precaution, such as not using BitLocker, that left the data easily accessible.
- Scenario B: Reassuring them that all devices are encrypted, making unauthorized access highly unlikely.
Every organization would take Scenario B 100 times out of 100. Encrypting your data not only enhances security but also minimizes legal reporting burdens.
Take the time to enable BitLocker on your organization’s devices, and it could end up saving you financially, as well as saving your reputation.
Your customers will appreciate the time spent encrypting their data.
Secure Your Systems with Managed IT Services
Looking to enhance your organization’s security with BitLocker? Contact us here to see how we can help keep your business running smoothly while increasing productivity, security and profitability.