Posts

What Value Does Your Company Place on Their Customer’s Privacy and Livelihood?

From Eric Levy: ITAD Sales, EPC, Inc.

EPC, Inc., now in its 30th year of business, continues to be a centerpiece of information in regard to Data Security. We have been offering companies of all sizes options that ensure compliance with specific industry standards to help protect a company’s reputation and information. A recent article from DataBreaches.Net shows just how important it is to be compliant.

“Nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging.”

This is a staggering number and cannot be overlooked.

That means that if your company had an “average sized” Data Breach of 554 leaked names* from a mishandled asset or drive, you would have 139 customers or clients who have now had their entire identity taken from them. Reclaiming an identity is a process that can take from 3-7 years, not to mention the untold number of dollars that it will cost YOUR COMPANY to make this happen.

The next time you have retired assets that your boss told you to “get rid of,” don’t just think of your potential feel-good moment of running into that boss’ office and telling him you got rid of all of those “old” computers and were able to do it for no money. Think about that boss’ reaction when you have to tell him the guy that did it for free just stole your clients’ identities and you now have to deal with the absolute costs associated with a breach, along with the unknown costs of lost business.

EPC offers true peace of mind, for very little time on your part. We offer fluid solutions to fit any company in any industry.

Please feel free to contact EPC and learn more about our industry-leading Data Security operations. We would love to help you review your protocols to make sure you are compliant within your industry.

*The data to describe an average size breach is from 2012. We expect the average size of a breach to continue to grow exponentially for the foreseeable future.

Stimulus Bill significantly modifies HIPAA regulations

Buried within the huge American Recovery and Reinvestment Act (a.k.a. the “Stimulus Bill”) are a few changes to HIPAA’s Privacy and Security Rules, increasing the scope of coverage to include Business Associates. This means data security providers, contractors, and partners can be directly fined for information security breaches that occur on their watch. The bill also increases the penalties for some of the violations.

Previously, Business Associates were required to comply only with a written business associate agreement. Now Business Associates are subject to many of the same requirements that hospitals and medical providers are. They will be required to appoint a security official, develop written policies and procedures pertaining to data leakage, and train their workforce in electronic data protection.

In addition, breach notification requirements were increased. If a breach occurs, the specific business entity that has the breach will be required to notify every individual affected by the security breach. If current contact information is not available, the entity may be required to post notification on their website or in some other broadcast medium (television, newspapers). The bill also provides for the creation of a website by the Health and Human Services department to list information about these breaches.

Source: Stimulus Bill dramatically modifies HIPAA rules