According to a “Washington Post Online” story, data breaches have become the norm. Consumers have come to expect that their data is at risk, and will continue to shop or do business with a company even if it has suffered an incident.
When it comes to the workplace, however, employees are more concerned. They don’t want their PII (personally identifiable data) such as names, addresses, Social Security numbers, and banking information exposed.
In November, Nordstrom suffered a breach after a contract worker “improperly handled” employees’ PII. Although there is no evidence the data was shared or misused, the retailer has notified its employees and reported the breach to the Office of the Attorney General in accordance with Washington State law.
Nordstrom was lucky that the incident was not more serious. According to research and advisory company Gartner, “A single breach can result in massive losses, both in money and reputation. Stock prices drop, customers become angry and business goals are jeopardized.” Organizations need to be aware of the risks and take measures to prevent themselves from data breaches.
The law and data breaches
Data protection legislation is becoming increasingly stringent. In North America, each U.S. state has its own data protection law, and amendments to Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act) in November 2018 have introduced obligatory breach notification requirements.
In Europe, the EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. Organizations marketing to and/or monitoring the behavior of EU residents could face stiff fines if a breach occurs – even if they are based outside the EU.
Register for our webinar
To learn more register to our GDPR webinar ISO 27001 and GDPR: How can law firms tackle information security in conjunction with data protection laws.
This free webinar will cover:
- How ISO 27001, the international standard for information security, can help organizations comply with the GDPR
- How organizations can identify the risks associated with data breaches
- The GDPR’s breach reporting requirements
- How to mitigate risks presented by suppliers that have access to personal data
- Why organizations must conduct a data flow mapping exercise
The webinar will take place on Tuesday, December 11, 2018, at 1:00 pm (EST). If you can’t make it, the presentation will be available to download from our website, where you can also view our past webinars.
You can discover how to prepare for a data breach by visiting our #BreachReady page. We break the process down into six simple steps and recommend tools and services you can use to complete each task.