Technology often outpaces the legal system in the United States. While legal battles like startup Uber vs. entrenched taxi unions take center stage in the media, there is a less visible – and perhaps more pertinent – struggle taking place around data breach regulations.
Regulated industries, such as financial services and healthcare, have long-standing guidelines around the confidentiality of sensitive information, while businesses outside regulated sectors enjoy scant enforcement around protecting data. But recent high-profile consumer data breaches are causing businesses to rethink data security.
Preparing for pending legislation
Florida is blazing a trail in guarding against data breaches by enacting legislation that applies to all businesses – regulated or not. For regulated industries that must already follow guidelines – such as those laid out by HIPAA – the new requirements are added to the mix.
Other state governments are following suit, enacting guidelines designed to protect consumers and punish lax data practices.
Solving the problem without a crippling investment
Investing in complex security equipment and software is a nonstarter for many small and medium businesses. That said, there are efficient means of implementing secure data storage and collaboration practices that will go a long way toward fulfilling any future state requirements.
While it may seem like an obvious step, keep sensitive data locked up by restricting access to only essential personnel. Many regulated industries have complex access hierarchies and protocols. While non-regulated businesses may not need a complex system, knowing who has access to what is critical to maintaining security.
Provide employees with a system to collaborate on sensitive data. Without a simple way to work, employees may use rogue file-sharing systems to transfer and work on sensitive data. When data lives in cloud-based solutions not under your organization’s direct control, that data is at risk.
Emphasize policy changes with reminders and then enforce those policies amongst employees. Without ongoing maintenance, employees may fall back into old habits that put sensitive data at risk. Writing comprehensive yet easy-to-digest policies and procedures will also provide the proof you need to show regulators that you are compliant with new legislation.
It doesn’t take a backbreaking investment to get a small or medium business ahead in the data security compliance game. Taking small steps can lead to big improvements in process and, ultimately, protection for customers.