Can We Trust Utah Companies With Our Personal Data Online?

By Francisco M. Herrera

Today people dont realize how much of their personal information is being put out there.

From what we search on the internet, to what apps we use on our smartphone, where we make

our next purchase online or in person. Data security affects everyone from the biggest

companies, to your local school. No one is safe. According to socialnomics.net; More than 169

million personal records were exposed in 2015 from financial, business, education, government,

and healthcare sectors. Making it harder for us to be safe. According to techopedia.com a

security breach is any incident that results in unauthorized access of data, applications, services,

networks and/or devices by bypassing their underlying security mechanisms. Businesses in

Utah are being breached without even knowing it.

In 2015 more than 1,000 businesses were victims of a data breach. About of the

businesses didnt know they were breached, and they learned from third parties. According to

Marshall, Romaine, and Tracy Gray from Holland & Hart LLP; Millions of consumers were

subjected to unlawful charges, restricted or blocked access to bank accounts, inability to pay

other bills, and late payment charges or new card fees. Causing consumers to wonder what had

happened to their accounts, all because businesses failed to provide their customers with

adequate security. They also failed to notify the consumers of the breach. In Utah, businesses

must follow the Under the Protection of Personal Information Act (the Utah Act). With some

exceptions, businesses must implement and maintain reasonable procedures to prevent unlawful

use or disclosure of personal information they collect or maintain. Personal information includes

a persons first name, first initial and last name combined with a social security number or

drivers license number; a financial account number, or credit card or debit card number, or any
security code, or password that would permit access to the persons account. When businesses

own or license computerized data that includes personal information become aware of a breach,

they must determine if the personal information has been or will be misused, and if that is the

case, they must notify each person as soon as possible unless law enforcement asks them not to

for investigative purposes. The only reason a business may delay notification is to determine the

scope of the breach and after restoring their security systems. In Utah if a business fails to

comply with this, a business is liable to civil fines up to $2,500 per consumer and up to $100,000

for related violations involving more than one consumer. While this is not an independent basis

for liability for consumers to assert in private lawsuits, the Utah Act at least establishes a

baseline of notification procedures businesses should follow if they are breached.

The federal government is considering cybersecurity legislation after numerous executive

orders, proposed guidelines and directives to establish a cybersecurity framework. On March 25,

bipartisan legislation being referred to as the Data Security and Breach Notification Act of 2015

(DSBN) was submitted to Congress. If DSBN is passed it would apply to most businesses, and

would take over all state data breach notification laws. It would only require businesses to notify

consumers if breaches are likely to lead to economic harm, and would expand the definition of

personal information. As a single standard, the DSBN would have obvious benefits for businesses

over the existing patchwork and evolving legislation and standards. Importantly, the DSBN would

be enforced by the Federal Trade Commission, which would have authority to issue uncapped civil

penalties.

Today the landscape of data security is more complex than ever. The best experts on data

security today admit that they cant prevent every breach. With the growth of mobile apps, the

internet, smart tvs and even gaming consoles, the growth of security issues is on the rise every day.
Understanding cybersecurity legislation and industry standards is essential because as our

technology evolves so do our laws. Staying up to date will be a challenge and essential for every

growing business.

Did you know?

<--Green Money Bag

$5.8 million:

Average organizational

cost of a data breach in

the US.
With the heightened media attention and awareness around corporate data

security breaches, it's more important than ever to consider your organization's policies

around protecting visual privacy.

2014 Cost of Data Breach Study: Global Analysis," Ponemon Institute/IBM, May 2014

Did you know?

Green 650% Increase

650%: Increase in cyber-

security breaches reported by

gov. agencies in 2013.

 Government employees view sensitive digital data on display screens every day.

And as cyber-security risks increase and mobile use becomes more frequent, preventing

visual data breaches is an ever-growing challenge.

Government Accountability Office (GAO)

Which industries are at risk?

Most companies are at risk, but key industries should be particularly aware of visual privacy

issues.

Medical Staff Rounding

Healthcare

Help keep your privacy in good health and supplement your organization's compliance program

with certain industry standards.

 Morning Business Meeting

Finance and Banking

A worthy investmenthelp prevent the inadvertent compromise of client information and help

financial institutions supplement their compliance program with certain industry standards.

Government Employee On

Break

Government

Federal agencies must be

especially vigilant to help keep proprietary information confidential

Young Students Taking A Test

Education
Raise your hand if you're concerned about helping protect testing integrity and classroom

technology.

Works Cited

Government Employee On Break. N.d. 3m.com. Web. 27 Feb. 2017. <"Privacy and Screen

Protectors." 3m.com. 3M Science. Applied to Life, n.d. Web. 27 Feb. 2017. .>.

Green 650% Increase N.d. 3m.com. Web. 27 Feb. 2017. <"Privacy and Screen Protectors."

3m.com. 3M Science. Applied to Life, n.d. Web. 27 Feb. 2017. .>.

Green Money Bag. N.d. 3m.com. Web. 27 Feb. 2017. <"Privacy and Screen Protectors." 3m.com.

3M Science. Applied to Life, n.d. Web. 27 Feb. 2017. .>.

Marshall, Romaine and Tracy Gray. "Hacked Again?! What to Know about Utah's Data Breach

Statute...For Now." Utah Business, vol. 29, no. 5, May 2015, p. 34. EBSCOhost,

libprox1.slcc.edu/login?url=http://search.ebscohost.com/login.aspx?

direct=true&db=bwh&AN=109100767&site=eds-live.

Medical Staff Rounding. N.d. 3m.com. Web. 27 Feb. 2017. <"Privacy and Screen Protectors."

3m.com. 3M Science. Applied to Life, n.d. Web. 27 Feb. 2017. .>.

Morning Business Meeting. N.d. 3m.com. Web. 27 Feb. 2017. <"Privacy and Screen Protectors."

3m.com. 3M Science. Applied to Life, n.d. Web. 27 Feb. 2017. .>.

"Privacy and Screen Protectors." 3m.com. 3M Science. Applied to Life, n.d. Web. 27 Feb.

2017.<http://www.3m.com/3M/en_US/privacy-screen-protectors-

us/visualprivacy/organizations/?
WT.mc_id=3MPrivacyFilters_Paid_Search&WT.srch=1&cshift_ck=bdbb41fe-3576-4064-ada9-

0735f860be81csi0HX8GIY>.

"Utah State Legislature." Utah State Legislature. N.p., n.d. Web. 27 Feb. 2017.

<http://le.utah.gov/xcode/Title13/Chapter44/13-44.html?v=C13-

44_1800010118000101>.

Vairagi, Upasana. "6 Cyber Security Statistics You Should Know for 2016." Socialnomics. N.p.,

14 Apr. 2015. Web. 27 Feb. 2017.

<http://socialnomics.net/2016/08/17/6-cyber-security-statistics-you-should-know-for-2016/>.

"What Is a Security Breach? - Definition from Techopedia." Techopedia.com. N.p., n.d. Web. 277

Feb. 2017. <https://www.techopedia.com/definition/29060/security-breach>.

Young Students Taking A Test. N.d. 3m.com. Web. 27 Feb. 2017. <"Privacy and Screen

Protectors." 3m.com. 3M Science. Applied to Life, n.d. Web. 27 Feb. 2017. .>.