Agencies at All Sides
For businesses, the primary reasons to secure customer data are to protect the financial interests of both the client and the company. Data breaches are bad for the brand; they breed mistrust and can potentially cost businesses millions of hard-earned dollars. Another reason to protect such information is to avoid data breach enforcement, which can entangle companies in legal and regulatory battles for years.
Multi-Faceted Data Breach Enforcement
Medical businesses usually consider the federal Department of Health and Human Services the authority on breaches of protected health information. In recent cases, however, other agencies – including the Office of Civil Rights and the Federal Trade Commission – have involved themselves in investigations and legal procedures following data breaches in the health, retail, or financial industries.
The Shutdown of LabMD
In one of the more dramatic examples of dual-agency data breach enforcement, the FTC became embroiled in legal battles with LabMD after an alleged breach of personal health information. The former CEO of LabMD wrote a book about the dispute and went public with allegations that the demise of his company was primarily due to actions the FTC took against LabMD.
Avoiding Data Breach Woes
Surviving a direct confrontation with any major federal or state agency is difficult for a small or medium-sized business. That means avoiding data breaches is a critical concern for many companies. Here are a few tips to avoid inviting data breach enforcement agencies into your business:
- Train employees to protect data properly and avoid common data security threats on the Internet.
- Use strong password policies and keep sensitive data on secured servers.
- Write comprehensive policies on laptop and mobile device use.
- Shred unnecessary paper that includes sensitive data.
- Audit access and use of data on a regular basis to identify areas for proactive improvement.
How do you protect your business from data breach enforcement?