Although the federal government has made the news of late for its efforts to draft new laws that would have an impact on cyber security practices among private businesses, those very businesses must also keep in mind compliance issues related to state laws. Breach notification requirements, for example, may differ from state to state, with some state governments requiring more public disclosures than others do whenever security systems protecting confidential customer information fail.
While no business wants to have a breach at all, the public relations damage caused by such events is ultimately worse in states such as California, which have detailed breach notification requirements codified in state law. In that state, the recently enacted Senate Bill 24, signed into law by Governor Jerry Brown, requires companies to notify individuals whenever data banks containing health, financial, or other personal information have been accessed by unauthorized persons. These requirements went into effect with the onset of the New Year.
California businesses would be well advised in such a reporting climate to adopt a managed programs model as part of their overall IT solutions strategy. Managed programs staff work for an outside IT company and can often bring to the premises a new perspective on security procedures, identifying potential danger areas that in-house staff may have overlooked due to their familiarity with the networks and systems in operation. Sometimes the hardest thing to notice is that which is sitting ‘right under our noses’: because we are used to seeing it, we do not pay it much attention. A managed programs approach can be of great benefit because it brings brand new eyes and ears into the IT services mix.