Data Privacy Update & Considerations

Long gone are the days when data privacy was only a concern for big businesses, especially in the wake of the much-publicized Target data breach. Even though the Target breach is over a year old, that event, which impacted over 110 million consumers, is just now hitting the courts. Target and the retail industry are not alone: data breaches occur in every industry (and the government) and are far more common than you think. Just browse through Data Breach Today’s website; you may be surprised by what you learn.

As has been widely publicized, the Target data breach originated with a Pennsylvania heating and air conditioning (HVAC) business doing business with Target. What you may not know is that there is strong indication that the breach originated with phishing emails sent to an employee of the HVAC business. The HVAC company was connected electronically to Target to facilitate electronic billing, contract submission and project management. Although the scope and extent of the breach were primarily due to Target’s internal technology infrastructure and administration, and the HVAC company has not yet been named in the lawsuit against Target, the HVAC company could also face liability if its security systems are found to be lacking.

The Target story has somewhat faded into the past, but now is a good time to reflect on it and revisit a few lessons learned from the breach:

  • the increase in “smart” devices increases connectivity and the opportunity for a back door into your system;
  • “freeware” security and malware protection may be robust and work perfectly as advertised, but it may require you to remember to run it; you may be far better off spending the money for a program that runs automatically in the background;
  • if you process credit cards, you’d better make sure you’re PCI compliant;
  • if you let external parties access your network, you’d better make sure you contain their access to “need to know” or “need to access” items;
  • it’s important to continue to educate and remind employees, all employees, about the danger of phishing and malware and the proper uses of email; and
  • although considered annoying by users and administrators alike, it is critical that proper password protocols, including routine password changes, be implemented and enforced.

Regardless of the size of your business, you need to spend time evaluating your data and technology protocols and make sure you’re keeping up to date on the latest protection available.

For related information on why it’s important for your Texas small business to protect confidential and proprietary customer data, and tips on how to do so, go here.

Texas Attorney Constance K. Hall

Constance Hall, an experienced legal, marketing and client relationship professional, is licensed to practice law in Texas. For more information, if you have questions, or to contact Connie, email her at info@mytxgc.com.
