Insureon Blog

Small Business Faces $3,000 Fine for Data Breach

17. July 2014 08:38


According to an article by the Brattleboro Reformer, a small gift store in Vermont was fined $3,000 by the attorney general’s office. The offense? The Shelburne Country Store didn’t inform its customers of a credit card security breach. Turns out, the shop’s website was hacked last year, exposing 721 online shoppers’ credit card information.

If nothing else, this story reminds small-business owners of two important things:

  1. Any business – of any size – can face a data security breach.
  2. According to many state laws, it’s not enough to simply fix the breach.

Let’s take a look at how some states are attempting to address the rising problem of data breaches by creating stricter reporting requirements (and fines for businesses that don’t comply).

States Buckle Down on Data Breach Reporting Requirements

Though the Shelburne Country Store did promptly fix its security vulnerabilities, it failed to comply with Vermont’s Security Breach Notice Act. Under this law, businesses must…

When businesses neglect these reporting obligations, they can be fined. And Vermont isn’t the only state enforcing these types of policies. SecurityInfoWatch.com reports that Kentucky recently enacted two laws that tighten the belt on data breach reporting.

Both state and private sectors in Kentucky have to alert the following entities when a data breach occurs (depending on which is directly involved):

Unlike Vermont, Kentucky’s laws don’t specify a time period for alerting individuals affected by the breach.

Also worth noting is that the new legislation doesn’t regulate the already regulated health industry. As you may already know, the Health Insurance Portability and Accountability Act (HIPAA) requires health agencies to report data breaches. (Learn more about HIPAA, HITECH, and data breaches here: “HIPAA Has Teeth: What Accountants, Lawyers, and Other Professionals Need to Know When Working with Clients in Healthcare.”)

How Small Businesses Can Manage Data Security Risks

In addition to knowing your state’s reporting laws, the best way to stay on the right side of the law is to avoid a breach altogether. Easier said than done, right?

Perhaps these tips can help:

Of course, even your best efforts to improve your data security might not be enough to keep a persistent hacker at bay. That’s why small-business owners should always have a backup plan in place. Luckily, Cyber Liability Insurance can help your business recover from a data breach by covering the cost of notifying affected parties, investigating and repairing the breach, and more.
