Utah Updates Law on Personally Identifiable Information Losses and What it Means for Your Organization
In 2019, lawmakers passed SB 193 - Attorney General Enforcement Amendments, and the updated law is now in effect.
The law still requires that all individuals who may have had their personally identifiable information (PII) lost or stolen through an organization be notified by mail, phone, email and/or publication in a newspaper, but what is new is that the state is becoming more strict when it comes to larger PII losses.
Under the old law, the state capped the maximum possible fine at $100,000 for any organization that suffered a data breach. Under the new law, the state is able to increase fines if 10,000 or more records of PII are lost or stolen from residents inside the state and if 10,000 or more records of PII are lost or stolen from residents outside of the state.
In addition, the new law now empowers the state to investigate and fine organizations up to 10 years after the data loss occurred and civil actions can take place up to 5 years after the loss took place.
As you can imagine, this updated law means that a data breach at your organization could be a disastrous event with fines and civil payouts in the thousands, and no organization is immune.
SecurityIntelligence reports that the odds of an organization experiencing a breach of 10,000 or more records are 27.9 percent (and it is worth noting that this number is expected only to increase as business becomes more and more digital). The same report also notes that it often takes more than six months for an organization to notice the breach and that early detection can help reduce damage.
This is where Columbus Secure Shredding and our partner, CSR Privacy Solutions, come in.
Preventing, detecting, and responding to a data breach is a costly and time-consuming process, but with CSR the process is made simpler. First, CSR offers a comprehensive questionnaire that helps you analyze your current data security systems and offers, at no or low cost, industry best practices and policies that you can implement to help prevent breaches in the first place. If a breach does occur, CSR also handles the legwork when it comes to identifying and notifying customers and state agencies in an effort to help reduce the fines associated with the loss of PII.
And, yes, it really does pay to have such a service.
Aside from the intangible cost of customer confidence and drop in reputation, SecurityIntelligence also noted that having an incident response team can reduce the cost of a breach by as much as $14 per compromised record.
Did we mention that signing up for the CSR Program is only $15.99 per month? Did we also mention that you do not need to be receiving our document destruction services in order to sign up for the CSR service?