Yes, there should be a legal requirement that owners of information systems inform users if their information is breached. A data breach is a situation where sensitive and private information is copied, transmitted, stolen or accessed in any way by an individual who is not authorized to do so. It can involve a company, which keeps users data privately such as Facebook or Uber. Customers put a lot of trust in a company when providing them with their private data. This data can be used against their will or for purposes of manipulating them. There is no current mandate in the law that covers data breaches that involve access of private information. A legal requirement would make companies more thorough with user’s information to avoid the costly litigation costs that might occur.
There are numerous consequences of a data breach. A data breach risks the compromise of user’s data, which might be sensitive and may be used by cyber thieves to manipulate these individuals. A data breach could also put the employee’s data at risk. Sensitive information belonging to members of the work force is just as sensitive as the data customers provide (Layzell, 2018) . Most of these individuals work tirelessly for the benefit of the company; they should therefore be treated with the same respect. A company could also suffer a DDoS attack, which is a malicious attack by cyber criminals, which temporarily impairs servers, leaving the company blind to any information that may be stolen. It could also lead to huge financial losses for companies, which rely heavily on internet services.
Delegate your assignment to our experts and they will do the rest.
A recent study has shown that cybercrimes could cost the world up to $6 billion by 2021. This could devastate the economy and have big implications. Moreover, a data breach puts secrets at risk. Military breaches have left government strategies open to their enemies. Data breaches also affect the reputation of the company. Customers lose their trust in the capability of the company to handle their data. Therefore, they feel at risk providing their data causing them to reject your company and its services. This can end up causing the collapse of a company entirely. Business owners should employ the best strategies in the technology world to ensure these attacks are powerless against their systems.
Organizations are becoming more reliant on server infrastructure in keeping users information. Gone are the days that a company had to keep individual files for all their customers. They can now simply open an account for a user where they can key in their information and protect it with a password. Other systems go as far as protecting this data using fingerprints and other encryption methods where only authorised persons are provided with the key to access the information (Data Breaches 101: How They Happen, What Gets Stolen, and Where It All Goes, n.d.) . Cloud storage is more efficient since they take up little space as compared to the space that would be required to keep physical files. In cloud based server infrastructure there are three parties involved. These are; the individual or organization that is being tasked with providing the data storage and protection; the data owner who provides his information to the organization for safekeeping; and the data holder, which is a third, party company that provides the cloud storage service such as IBM Cloud or Microsoft Azure.
Data that has personal information is increasingly becoming vulnerable in these cloud storage facilities. This is due to a variety of factors, which range from lack of transparency operations, remote and indirect management and enhanced threats (Mikhed & Vogan, 2018) . This is because data owners do not have direct access to their data and as such, they have reduced control on who can administer and have access to data. In a company with many data, the information is usually laid out in a large storage network, which may have much weak point, and loopholes that hackers can manipulate to access data. The fact that data is accessed remotely makes it riskier. This is because many users can easily make accounts on the platform. There is no physical evaluation of which these people are and their intentions.
With the growing cases of data breaches, Congress and state governments are looking at how to protect user information from unauthorized access since currently there is no mandate that addresses the intrusion of private data (Joseph, 2014). However, all states require companies to inform users if their data is breached. The US law holds the data owner (the company that is entrusted with the data by the customer) responsible for any incident that occurs and puts users information at risk. This is upheld regardless of whether the cloud provider had a system malfunction or was not secure enough.
Under the HIPAA, if data concerning health information is breached, the data holder is also held responsible. This is because a data holder is referred to as a ‘business associate’ hence is subject to its legislation (Joseph, 2014) . Agreements under the HIPAA demand that the data holder informs the data owner and offer their help in conducting the investigations. Both state and federal data privacy laws do not cover cyber intrusions hence do not impose civil liabilities. However, the liabilities are imposed in case of one of the following situations; a data holder failed to use data protection methods that were up to standards; the data holder failed to solve or mitigate the damage once it was caused; and failure to inform the affected individuals on time. Even so, this negligence must be proven when one is placing a lawsuit. The damages of these intrusions can be lawsuits by customers that can require huge compensations for the losses, government investigations, outside audit teams, digital investigations, remodelling of the server infrastructure and use of new identity theft protection systems, which can be costly. Collateral damage can involve the reputation of the company being questioned, decline of business and revenue and an overhaul of management.
Various steps should be followed after a company suspects that there has been a data breach. The first step would be to contact the Information Technology team to inquire about the situation. One should never ignore a data breach, however small it may seem. The more time individuals take to contact the experts, the more the amount of data, which is at risk of being stolen. It support will also be able to inform on the files that have been stolen and the extent of damage. They can also be able to trace the cause of the breach. The next step would involve the backups. Every company should have a method put in place, which they can use to recover data if it is stolen (Greenfield, 2018) . Data backups ensure the fast recovery of information since they store logs, which can be used to trace the source of the attacks. The company should then be open to the clients and inform them of the breach. Transparency is very crucial in maintaining the trust of the customer and assuring them that the data is safe. When IT has fully assessed the issue, they should be further being kept on site to look into the problem to offer more protection from a subsequent attack that may occur. The last step would involve learning from the data breach and ensuring that if another breach were to be attempted they would be better equipped to handle it.
No one can be too perfect to resist an attack; everyone can be at risk of the attack. The only thing that data holders and owners can do is to ensure they use systems that are up to date. This will give users the assurance that the company did all that they could to protect the data and that they are capable of handling a breach. Legal requirements may hence make companies more careful with consumer’s information.
In overall, this study has supported the idea that, a legal requirement should be held that owners of information systems inform users if their information is breached. They have a right to know, as they can be helpful in carrying out investigations. By so doing, the owners of information are secured against any form of manipulation by the hackers, and further damage is prevented.
References
Data Breaches 101: How They Happen, What Gets Stolen, and Where It All Goes . (n.d.). Retrieved from Trend MIcro: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/data-breach-101
Greenfield, K. (2018). What You Should do if You Suspect a Data Breach. Capital Network Solutions .
Joseph, J. (2014). How Safe Is Your Private Information? . Cybersecurity Nexus , 1-16.
Layzell, N. (2018). 12 Potential Consequences of Data Breaches. Dataconomy .
Mikhed, V., & Vogan, M. (2018). How data breaches affect consumer credit. Journal of Banking and Finance , 192-207.
