Yahoo: 3 billion user accounts. Marriott: 500 million guests. Equifax: 145.5 million consumers. These Fortune 1000 companies rank among the top five worst cyber-related breaches … so far. While these numbers are startling in themselves, the total number of records compromised worldwide in the first half of 2018 was over 3 billion according to the Breach Level Index, an increase of 72 percent over the same time period in 2017.
The good news? New data protection regulations were introduced in 2018 to help organizations better protect customers' privacy. Most notable is the General Data Protection Regulation (GDPR), which provides consumers with a right to know when their data is compromised.
While the GDPR is a European Union (EU) law, it spans the globe, making this legislation applicable to many organizations based in the United States.
GDPR does not discriminate between a controller and a processor of personal information – both are liable in an organization for the loss of any personal data collected – with a penalty of up to 4 percent of annual global turnover.
Stinnett’s cybersecurity and data privacy team can help companies explore key security controls that must be in place to ensure GDPR compliance as well as compliance with other laws such as HIPAA and the soon-to-be-implemented California Consumer Data Privacy Act.
Technical safeguards might include implementing data loss prevention tools, data auditing tools, and security incident and event management (SIEM) tools – all critical threat detection elements to help combat breaches while adding extra layers of cybersecurity protection.
Have you received notification that your personal information was stolen in a data breach? Read Stinnett’s tips on reporting cybercrime.