It has been two months since Alabama Governor Kay Ivey signed Act No. 2018-396, regarding data breaches, into law. However, it is never too late to be reminded of the provisions that come with it.
Obligations in the new law
- “All entities subject to the law must ‘implement and maintain reasonable security measures to protect sensitive personally identifying information against a breach of security.’
- A ‘covered entity shall conduct a good faith and prompt investigation’ into ‘a breach of security that has or may have occurred in relation to sensitive personally identifying information.’
- A covered entity must notify each affected Alabama resident, and a third-party agent must notify the covered entity, of a ‘breach of security involving sensitive personally identifying information;’
- A covered entity must notify the Attorney General and credit reporting agencies of breaches involving more than 1,000 Alabama residents.”
Decreasing your risk
There are many ways to “mitigate the risk of civil litigation and other penalties when data loss or theft occurs”. Cyber liability or data breach insurance can provide access to professional assistance that can help businesses to comply with applicable laws and regulations. Furthermore, these types of policies cover costs associated with things such as legal fees, crisis management, forensics and more.
Here are a few rules to go by to help lower your risk of a data breach:
- Require multiple levels of passwords to reach customer information. Passwords should not contain any personal information and should be changed periodically.
- Have all customer data stored in an encrypted database.
- Install malware detection programs and keep firewalls enabled and secure on workstations and servers.
- Review and implement the standard network security health check controls like the ones suggested here.