Identity theft laws in states may vary by state but a notice requirement is common among them. The frequency and extent of data breaches is staggering with the Identity Theft Resource Center (ITRC) recording over 700 breaches so far recorded in 2015 affecting roughly 200 million records. The previous year, the ITRC recorded for 2014 over 780 data breaches. The numbers include inadvertent breaches along with data theft events.
As companies look for ways to prevent data breaches and be compliant with identity theft laws, it is fundamentally productive to as well focus on enhancing an incident rapid response process. This concern is shared by the private sector as well as the public sector. The aspect of immunity is a commonality among industries and sectors. The data breach events have affected the healthcare industry with Anthem’s February 2015 incident affecting over 70 million healthcare customer records, approximately 20m at the U.S. Office of Personnel Management in June, as well as Georgia’s Department of State registered voter records were affected with over 6 million potentially determined to have been disclosed. The breach disclosed social security numbers as well as private information as a result of a claimed clerical error.
According to Georgia law, the Georgia Department of State is required to share voter registration data upon request from political parties and the media. As a result of several disks containing social security numbers and private information being received by the recipients under the law’s requirement, two-class action suits have been filed. The breaches were publicized after the suits were filed and the claimants are asserting that the responses were inadequate.
States like South Carolina, since its 2012 Dept. of Revenue data breach incident affecting nearly 4m individual social security numbers, are providing credit monitoring, mitigation services, plus credit protection to their affected citizens. All these incidents underscore the need to enhance rapid response processes in addition to protection mechanisms and personnel training.