Manage Pressing Risks with EPL-Risk.com


Why Your Organization Needs A Security Breach Notification Plan

Facebook has stated that it will not notify the 533 million users who had their personal data accessed in a data breach occurring before August 2019.

Business Insider reported that the stolen data was recently made public in a database on an amateur hacking forum. The stolen user data includes phone numbers, full names, locations, some email addresses, and other profile information.

The data breach affected users in 106 countries.

Facebook stated in a blog post that hackers exploited a vulnerability in a feature that allowed users to find each other by phone number. The feature is no longer being used on the platform.

Facebook reported that it found and fixed the problem in August 2019 and that cybercriminals can no longer use the same method to steal data.

According to a spokesperson for Facebook, the organization decided not to notify users because it is not confident which users need to be notified and the stolen information did not include financial or health information or passwords. In addition, the information was publicly available and users could not fix the issue themselves.

However, according to security experts, the data leak still leaves Facebook users vulnerable. The founder of CyberScout said that phone numbers are a universal identifier, and that people are put at risk when their phone number becomes public.

For example, two-factor authentication frequently relies on phone numbers to verify a person's identity. Emma Bowman, "After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users," npr.org (Apr. 09, 2021).

Commentary

Your organization must follow all applicable security breach notification laws if hackers access personal data stored on your network that belongs to employees, customers, or other third parties.

All 50 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have security breach notification laws requiring private and governmental entities to notify individuals of security breaches involving personally identifiable information.

In general, security breach notification laws specify who must comply, what constitutes “personal information” and a “data breach,” how notifications must be made, and which exemptions apply. NCSL, “Security Breach Notification Laws,” www.ncsl.org (Apr. 15, 2021).

Familiarize yourself now with the laws in every state in which you operate and create a security breach notification plan that adheres to all of their requirements. Preparing before a data breach occurs is essential to reacting in a timely manner and avoiding a violation of the law.

Moreover, certain industries, like healthcare, have additional compliance requirements regarding security breaches.

Visit the National Conference of State Legislatures’ website for the security breach notification laws in each state.
