Questions & Answers:
Are there special regulations for businesses at high risk of data theft?
HIPAA regulations for PHI are important.
Are employees' names and data considered protected data?
Yes, anybody's personal information is considered protected data.
Are businesses legally exposed if their employees' PII or PHI is stolen from company computers or data centers?
Yes, employees' records are still considered client data.
Are there sample incident response plans to use as a template?
There are, email Malki for more information.
Where can I find the "training" information about compliant corporate policy? Do you have anything that you can share?
There are quite a few companies that do this on a national level:
I heard that you recommended changing passwords every three months; however, did you also recommend changing the user ID as well?
Mostly the password, not so much the user ID. The password is the most critical. User IDs and passwords are usually stored separately in the system.
Can an employee be held liable for opening a suspect email?
No, employees cannot be held liable for opening a suspect email.
You talked really fast about encrypted emails. What's that?
It is a similar process to Dropbox, but it starts with an email exchange.
We back up our network, but not each employee's PC. If we have a policy for employees to store their data on our network drive, are we still at risk? I can't control those employees who don't follow the rules.
Yes, you are still at risk. Whether it is part of your network or not, it is still considered your data. Both the company and the individual have serious liability.
Do you have any attorneys that you can recommend?
Yes, please contact Malki.
Where can I find the Federal Trade Commission's website with the recommendations that you mentioned?
Please email Malki. On FTC.gov, go to the tips and advice section, then the business center, and you will see a bunch of information on it.
We have a hosted service. When a client stops paying for their service, do we still need to keep a backup of their data? I assume we can just destroy their data.
It depends on what data you are backing up. I recommend sending certified mail to ensure it reaches them.
Some fax numbers actually go to email. Is that the same as, or just as secure as, encrypted email?
That is a digital fax number. You basically use your faxes over email. It is not the same as sending a "real" fax.
What is a safer way to transmit data, fax or encrypted email?
Encrypted email is very secure, as long as you are using a legitimate service. Fax takes it a step further, but it is a lot more annoying.
Doesn't having your data stored in multiple locations increase your risk of a breach?
Yes, it does, but it depends on what kind of storage we are talking about.
Are employees' names and pictures considered as protected data?
While an employee's name is not normally considered personal or protected data (check with your state and municipality to be sure), it is considered best practice to treat it as such. Photos are squarely classified as protected data.