NC not among nine states that have recently passed stricter data privacy and notification laws.
Data security has been in the news, with several high profile breaches affecting the private data of millions of people. Without tighter data privacy and notification laws, the only remedy that innocent victims have is to sue the companies that released their data. But data security is a public safety issue, and private lawsuits are an expensive and time consuming remedy.
What follows are examples of measures taken by other states to address this urgent issue, as reported in the Data Protection Report in June, 2019, with the full text of the article here: tps://www.dataprotectionreport.com/2019/06/nine-states-pass-new-and-expanded-data-breach-notification-laws/.
Illinois: Proposed legislation requires businesses to notify the state of breaches involving at least 500 Illinois residents.
Maine: Internet Service Providers will no longer be allowed to sell, use or distribute consumer data without consent.
Maryland: Expands the scope of businesses covered by data security laws and restricts the way information regarding the breach may be used.
Massachusetts: Requires complimentary credit monitoring, beefs up notification requirements, and mandates that businesses inform state regulators as to whether they maintain “a written information security program.”
New Jersey: Expands the definition of personal information and modifies notification standards
New York: Expands the categories of protected data, expands the definition of “breach,” requires businesses to implement “reasonable safeguards” amplifies the amount of time the Attorney General has to bring an action for violation of the Data Security Act.
Oregon: Implements enhanced data breach notification requirements and expands the definition of “personal information.”
Texas: Sets notification deadlines and creates a Privacy Protection council
Washington: Expands protection of personal information and reduces notification deadline
Maine’s law was enacted in response to the national repeal of net neutrality. This is super important because giant telecommunication interests now have the ability to do deep packet inspection and profile their customers at an unprecedented level. The scale of exposure on ISP’s is in the same league as Google and Facebook, and may in some aspects exceed the breadth of data held by those well-known companies which have suffered breaches.
The law in North Carolina on protection from security breaches can be seen at the following link: https://www.ncleg.net/EnactedLegislation/Statutes/HTML/BySection/Chapter_75/GS_75-65.html
Among other things, the North Carolina statute does not contain a hard notification deadline, does not require notification of credit bureaus unless more than 1,000 people are affected, does not require businesses to have data security programs, exempts certain personal information from its scope, exempts financial institutions which follow a 2005 federal statute, does not require businesses to provide credit monitoring, and prohibits citizens from suing for enforcement of the statute unless they have suffered direct damage, providing significant protection for violators of the statute.
Bipartisan legislation to strengthen protection for North Carolina citizens has been proposed both in 2018 and 2019, but still has not passed. The legislature refused to vote on it last year, and we will see what happens in 2019.
Citizens’ private information is held by numerous businesses and agencies. At Tekmar we believe that everyone has the right to expect their personal data will be kept as safe as technologically practical, that they are entitled to notification as soon as possible and that businesses should be required to have security programs in place to protect private data. If you agree, here is a link to North Carolina state house and senate contacts: https://www.ncleg.gov/RnR/Representation.
The scope of the problem is enormous; more than 5 million North Carolinians, half the population, was affected by the 2018 Equifax breach and 1.9 million so far in 2019. Most data breaches can be prevented by staying updated and current with the latest technologies being used, and requiring businesses to do so is the least we can do for our citizens.
ESSE QUAM VIDERI North Carolina’s state motto…
means to be rather than to seem. When it comes to IT security and personal privacy let’s be safe rather than seem safe. As a business owner and an affected consumer I feel it is necessary to take every action we can to stop the onslaught of illegal and unethical intrusions into people’s lives for financial gain. These laws are a good starting point, but we need to go further. Tekmar Solutions, Inc. offers internal and external IT auditing so that organizations and individuals have an IT Blueprint for maximum security.