Should All Data Security Incidents Be Reported?

A data breach or a hack of any kind can be devastating for businesses. They require a serious cost investment to address and a crisis management approach to remediation. That is a big concern for companies in the modern age, but it’s not just amid a breach when you need to be concerned about data security. It should be a consistent priority even when your data isn’t under attack.  

But when it does happen, whether the incident should be reported depends on several things. If your business falls under the jurisdiction of the GDPR, the answer is most likely yes.  The GDPR introduced a duty on all organizations to report certain types of personal data breaches to the relevant supervisory authority. Failing to do so can result in heavy fines and penalties and an investigation by the Information Commissioner’s Office (ICO). For those businesses outside the jurisdiction of GDPR, the answer is still probably yes. Sitting on an incident without reporting it puts organizations at risk of legal and other ramifications. There is currently no federal cybersecurity regulation covering the entire US that obligates organizations to alert the public of data breach alerts. But those businesses who value their reputation and the trust of their clients are best served by being honest and transparent about incidents that put their customers at risk of exposure or data loss.  

To help mitigate the risk of data security incidents, consider taking the following actions to protect your business and your customers.  

Encrypt Customer Data 

It’s well worth asking your IT team to encrypt all sensitive information that you have in your networks. Using extensive firewalls and strong encryption will help protect your electronic information. It’s the equivalent of shredding paper bills and documents, which you should also be doing on behalf of your customers. To take your security efforts one step further, consider taking additional measures to protect sensitive credit card and ACH payment information, by replacing numbers with X’s when displaying private information, and never storying security code numbers. This helps ensure your customers that you take their privacy seriously, building trust, and growing your business through a strong reputation. 

Invest in Identity Validation  

Large data breaches are often linked back to a simple and common problem: bad passwords or mistaken identity. Even today in a heightened digital security environment, there are a number of common mistakes that can have serious consequences when it comes to protecting online information.  Using strong passwords should be a top priority. That means passwords that are unique to the account and that are easy to remember but hard to guess.   

Also, consider incorporating newer technologies such as Single Sign-On (SSO) or Multi-Factor Authorization (MFA). These tools help differentiate your company from those reliant on confusing and easily hacked password protection. User experience matters as well as identity validation. Make sure you are acting in your customers best interest.    

Do Your Research 

Compliance is an important part of why you need to keep customer data safe and secure. If you are not in compliance, your business is at risk of heavy fines and citations. Review the security standards outlined by institutions such as The Payment Card Industry Security Standards Council (PCI SSC), and make sure you comply with their standards. If your invoice-to-cash process is outsourced, work with a company that is SSAE16 audited. Customers often evaluate businesses by their security reputation, so make sure you are crossing your T’s and dotting your I’s when it comes to your data security. New and influential privacy regulations such as GDPR are throwing these issues into stark relief. Make sure you are ahead of the curve and ensure you are in full compliance.  

For more advice on how to grow your business through data security, connect with the experts at Happy Faces Records Management today. 


Get the security of offsite storage, without the hassle.

With outsourced document and records management, records are out of the way, but easily accessible when you need them. HF Services can deliver physical data within two hours, and electronic data in under ten minutes.

  • Save space by getting seldom-used files out of cabinets and data off of drives
  • Control data by securely storing it offsite and managing it with HF Services
  • Improve compliance by ensuring that all critical data is stored securely and accessibly
  • Secure and retain data as long as you need it
  • Bring order to chaos by streamlining and consolidating your records

Check out our data solutions for organizations of all sizes.

Leave a Reply

  • (will not be published)