What data responsibilities do businesses have?
A recent lawsuit from Tesla shows the continued impact made by insider threats against a company’s cybersecurity structures. In this case, their target is a former employee accused of stealing proprietary codes and software files from the company’s systems. Apparently it only took days after starting his job for this employee to have sent thousands of confidential files to his own Dropbox account, which the software engineer has since claimed to be one giant misunderstanding. Whether this is true or not, and the details were elaborated in a New York Post interview, the fact remains that around 26,000 sensitive files were exposed through an internal force. Even well-intentioned agents can make a single mistake that could compromise critical data, as was the case here.
On top of protecting their own affairs, organizations must also deal with an increasing number of regulations for safeguarding customer data, such as the New York SHIELD (Stop Hacks and Improve Electronic Data Security) that took effect in March 2020. Local standards like this are cropping up in most states in the US, in lieu of a national framework, to address the information security of residents. Pandemic times exacerbate the danger, however, of neglecting compliance, which will only put the business on worse footing if attacked.
According to the SHIELD Act, if an organization collects any range of personal information from Social Security numbers to driver’s license numbers, payment card to biometric data, it is obligated to implement a cybersecurity policy with “reasonable” protections in place (which can vary depending on the size and scope of the business). Notifications are also required in the event of unauthorized access, whether of the type in the Tesla case or by an unambiguously illegitimate intruder. Third-party connections must also be secured so an agency outside your control doesn’t become responsible for being served breach penalties.
Ever since GDPR virtually took the first step for these modern, more robust standards, countless others have continued to develop. Businesses should be wary of distractions from working towards adherence, even with such substantial changes to working patterns as the past year has seen.