The Big Data Breach: What It Means for IT and Your Wallet
During the latest Twin Cities Business CIO Forum, Carolyn Parnell, Commissioner and State CIO for the Minnesota State IT department, said that after the recent widespread data breaches, enacting laws to protect data are at the top of her agenda.
On May 1 of this year, Target Corporation recruited an information security heavy-hitter to oversee the company’s post-breach data security and technology operations. Now Minnesota, Target HQ’s home state, is the latest state to propose legislation to deal with data breach risks.
On August 15, another Minnesota-based company, Supervalu, was the victim of a major data breach. Supervalu provides technology to over 1,000 grocery and liquor stores who may feel the effects of this most recent breach. Supervalu’s investigation determined the breach appears to have taken placed between June 22-July 17, and it may have resulted from hackers installing malicious software onto the company’s point-of-sale network.
The company reacted quickly, immediately establishing a call center to handle customer concerns about the breach and offered those affected 12 months of free identity protection services.
Data breaches are more than a Minnesota issue. While the fact that 70 million customers were affected by Target’s 2013 breach is daunting, other recent breaches dwarf Target’s in comparison. In 2011, Sony experienced a breach affecting 100 million customers and the 2009 Heartland Payment Systems breach put 130 million customers at risk.
As can be found in Parnell’s recent blog post, the Minnesota Legislature is introducing a bill that will create a 50-state notification requirement for entities doing business in Minnesota. The bill would:
- Broaden the breach notification requirement to require that all individuals be notified, rather than only Minnesota residents
- Require notification to affected individuals or the owners/licensees of the information within 48 hours of discovery or notification of the breach
- Require that businesses impacted by the bill make available one year of free credit monitoring services to all affected individuals and that such services must be made available within 30 days of the breach
- Require that breached retailers or wholesalers of consumer goods or services provide each affected individual with a $100 gift card for future use, valid for at least one year
- Reimburse individuals who incur any charges or fees as a consequence of the breach
Parnell asserted that the legislature may have to be scared into enacting this expansive change in the law. It’s now clear with data breaches at major companies like Target and Supervalu that changes need to take place, and that handling data breaches will be at the top of Minnesota CIO priorities for some time.
What do you think of the proposed bill? Let’s discuss in the comments below!
Content provided by Joe Janasz
Other Posts by the Author
- What’s the Job Market Like Right Now in Minnesota? (WCCO Interview)
- Versique Search and Consulting Named a Star Tribune Top 175 Workplace in 2021
- Heading Back to the Workplace? Advice for Both Employers & Employees – KARE11