Data breaches happen all the time, simply look to the headlines and you’ll find multiple examples of corporations struggling to protect their data. From Target and Equifax to Anthem – all these organizations have fallen victim to some form of data breach usually affecting customer data. Yes, many (most) of us have received a breach notification letter or, at the very least, know someone who has.
Every state in the U.S. now has a data breach notification law. This trend is a signal to organizations conducting business in the U.S. that they should start taking the necessary actions to protect the personal identifying information (PII) of their customers, clients and employees.
One of the best ways to protect PII is through encryption; an algorithmic process which transforms readable data into unreadable data and that requires a confidential process/key to make the data readable again. An encryption key is a string of bits used to scramble and unscramble data, essentially unlocking the information and turning it back to readable data.
Not only has encrypting data become easier and cheaper to institute, it also has added legal benefits as well. For example, many data breach notification laws contain an encryption safe harbor that says notification is not required if the compromised data was encrypted.
How Encryption Will Help Your Organization
One purpose of encrypting data is to help mitigate the damages caused by a data breach. Although data encryption is not an absolute solution – as breaches will and do still happen – once accessed, unencrypted data can quickly yield a treasure trove of sensitive financial, business or personal information. With such unauthorized access, an organization can suffer massive reputational damage and find itself subject to hefty regulatory fines. However, if the accessed data was encrypted, your legal obligations (and resulting damages) will likely be much less.
Various states and industries now require organizations to safeguard their data. Companies can use encryption as part of those safeguards and to mitigate risk exposure. Acting now will limit the fallout of a potential breach!
- Encryption can potentially help your organization avoid an incident that requires individual notification and should therefore be worthy of investment.
- Encryption will save you time, money, and possibly your organizations reputation.