What are the Proposed Changes to NC’s Data Breach Laws?
North Carolina’s lawmakers will consider legislation first introduced by the Attorney General Josh Stein and Representative Jason Saine. The proposed law would redefine the term “data breach” and give companies 30 days to report breaches to consumers.
For healthcare providers, this reduces the HIPAA timeframe, which states that breach notifications must go out within 60 days. According to the proposal, this gives consumers additional time to freeze their credit and take steps to prevent identity theft.
The law extends the definition of a breach to include ransomware attacks – a big change for healthcare providers, who have been targeted by recent hackers.
How Do the Proposed Changes Give Consumers Greater Control?
Consumers gain a number of protections, including the following.
Quicker notification. Receiving notification within 30 days, instead of 60, gives consumers a heads up so that they can take action to protect their credit and identity.
Credit freeze. Consumers can place a temporary freeze on their credit reports to prevent hackers and thieves from opening unauthorized credit cards in their name.
Credit monitoring. If a credit reporting company, such as Equifax, is breached, they have to provide four years of free credit reporting to impacted consumers. Other organizations that are breached have to provide two years of free credit reporting.
Clarifies penalties. Businesses that fail to report breaches within 30 days will be in violation of the Unfair and Deceptive Trade Practices Act.
What Does This Mean for Consumers?
The bill expands consumers’ right to information about the breached data, as follows.
Consent. A company seeking access to a person’s credit information would need that person to express their permission. The reason for the request has to be provided in writing.
Right to request information. North Carolinians can ask the consumer reporting agency to give them a list of credit-related and non-credit information, its source, and the entity or person that received it.
Why is the State Considering the New Rules?
North Carolina hosts the headquarters of many credit card companies and financial institutions and the legislation follows a dramatic rise in breaches throughout the state. According to Health IT Security, 1.9 million North Carolina residents were compromised in 1,047 breaches in 2018. This was a 3.4 percent increase over 2017.
This is the second attempt to tighten privacy laws in the state. If this bill passes, North Carolina would join several other states that have passed similar laws to combat digital thieves. For example, Colorado passed legislation to shorten their breach notification to 30 days in 2017, and Iowa is proposing a 45-day deadline to notify consumers.
Is This Just Happening in North Carolina?
On the national front, lobbyists and some Congress members are also calling for more protection for consumers whose data has been compromised. For instance, the Information Technology and Innovation Fund has suggested scrapping the hodge-podge of privacy regulations, such as HIPAA, in favor of more unified federal privacy laws.
“My passion for quality IT service is at the forefront of my career.”
Lance Skipper Client Engineer
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“Enabling IT to become an effective and valuable partner by delivering premier customer service and quality IT solutions achieving business goals.”
Jake Parrott Business Development Manager
“Serving the client through IT solutions is my passion. A happy client is a happy me.”
Jason RichardsonClient Engineer
“Striving to provide friendly and quality service to our customers”
Ted Rorabaugh Client Engineer
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“Providing courteous, quality IT service for our customers.”
Rich Yoest Rapid Response Team Supervisor
“Striving to be your trusted adviser and IT teammate in accomplishing all your business goals”
Brandan Bishop Client Account Manager
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Helping customers get the most out of their IT Infrastructure.”
Marc Gillet Project Engineer
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Your satisfaction is our #1 priority.”
Heather Moore Project Manager
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.