SAS 70

Jul 20 2008   12:20AM GMT

Data Security Breach Myths – SAS70

Keith Harrell Profile: SAS70ExPERT

When a data breach occurs, what are you required to do? You have heard that you must send the notifications required by federal and state laws when a data breach occurs. Are these myths, truths or dares? You need to know the difference between the myths and the facts. For instance:


Myth 1 – When you lose critical financial or personal data, you must notify everyone and their mother. I call “Shenanigans!” Only if certain conditions are met do 45 of the state laws require that you notify the consumer or credit card holder. If the conditions are not met, then the notification laws are less strict. For example, if the data is not considered critical, is encrypted, or is not accessible, then you may not have to report it.


Myth 2 – You must comply only with the law of the state where the data breach occurred. I call “double Shenanigans!” You must take many factors into account when determining which law applies to the disaster. First, consider the state in which your company is incorporated; then, the state of residence of the individuals whose information was lost.


Myth 3 – Your company meets the California requirements, and California's standards are higher than those of all other states, so you must be in compliance. This is just “completely Shenanigans!” Even though California was the first, there have been several states that used California as a baseline and then made improvements and added requirements. For example, Ohio, Georgia, and Texas have enacted stringent laws related to data privacy that require detailed notification and follow-up.


Make sure you have an attorney handy and that your plan is detailed enough that you can start a plan of action and begin the communication process as soon as a data breach occurs. Get a plan in place, and if required, you will be ready for both a SAS70 audit and a data breach catastrophe.
