Dickinson, Mackaman, Tyler & Hagen, P.C.

Data breach notification not only for Equifax-like catastrophes

BPO

Posted on 09/25/2017 at 10:43 AM by Bryan O'Neill

The news is abound recently with seemingly endless stories of data breaches both in Iowa and nationally – the Equifax breach chief among them. However, data breach issues do not always arise in the form of outside cyberattackers gaining access to a company’s computer systems. This blog previously covered  how employees can intentionally help fraudster steal.

Employees can also take data for themselves. Take, for example, the hypothetical in which an employee emails himself copies of an employer’s customer lists, which include customer names and social security numbers, prior to departing his employment. Iowa Code section 715C directs when notification to a consumer needs to occur in the event of a security breach.

Any person who owns or licenses computerized data that includes a consumer’s personal information that is used in the course of the person’s business . . . and that was subject to a breach of security shall give notice of the breach . . . to any consumer whose personal information was included in the information that was breached.

“Breach of security” is defined as “unauthorized acquisition of personal information maintained in computerized form by a person that compromises the security, confidentiality, or integrity of the personal information.” Under the above scenario, a security breach notification would be triggered. The employee has acquired the customer names and social security numbers in a manner that was not authorized by the company. Regardless of the number of customers who were compromised, a security breach notification would be mandatory. Employers would be wise to have in place internal protocols that would prevent the unauthorized distribution of customers’ personal information and specific guidelines for how employees are to handle customer’s personal information.

The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed. 

- Bryan O'Neill 

© 2018 Dickinson Mackaman Tyler & Hagen, PC