Do you know how much the business you contract with cares about you and your information?
Intel Security recently surveyed 452 senior business leaders across Australia about the management of their sensitive data, especially within their cloud service use. According to the report, 70 percent of respondents said their organization stored personally identifiable information on the cloud. Personally identifiable information may include tax numbers, home and email addresses, and birth dates.
However, a lot of those companies have not thought about the security concerns of hosting sensitive information off site. In fact, when asked how they selected a cloud service, 76 percent said their first consideration was a service’s continuity and robustness, or its ability to continue to thrive amidst changes or disruptions.
Security, however, was not as important on their list of considerations. In a 2013 Intel survey, 50 percent of respondents said they were more concerned about the financial repercussions and reputation loss of a data breach than the actual loss of customer information. In fact, in Australia, organizations do not have to report if there is a data breach.
Understanding Data Breach Notification Laws
When there is a data breach within an organization, different states and countries have different specifications within their laws outlining how those impacted are to be notified. In Australia, they do not currently have any notification laws in terms of data breaches. For example, since 2003, 26 percent of organizations within Australia did not report a data breach.
In the United States, each state has its own law. The first security breach notification law was introduced in California in 2002. Most states have followed, passing similar laws. Currently Alabama, New Mexico and South Dakota do not have security breach laws
Making Sure an Organization Cares About its Customers
Data breaches are not uncommon. Make sure that if you are affected by an organization’s data breach, that they will tell you about it. In California, the law is specific in requiring organizations to not delay in reporting the breach and informing impacted people of what happened, what information was involved, what is being done about it, what the impacted person should do about it, and any other important information. That way impacted people can clearly understand what is happening and what they should do in response.
So whether you are choosing an organization to work with or you are already working with a group and never found out, ask someone what they are doing to protect your personal information. Is security one of their top concerns? What resources have they put toward protecting you as a customer? Make sure you understand how much the organizations and businesses you work with really care about you.