flexibility. If your system is hosted, you need to make sure that these same safeguards are in place. It is essential to maintain confidentiality of data that is in the custody of a third party. These parties should employ firewalls and other appropriate security measures to make certain that there is no breach in security. Data privacy and security are of even more critical importance for regulated industries such as financial and healthcare organizations. In the event of a data breach, you must comply with data breach notification laws. All 50 states, plus the District of Columbia and the United States territories, have statutes requiring notification of individuals when a data breach impacts their personally identifiable information (PII). Typically, the jurisdiction in which the affected individual resides determines which law applies. Definitions of PII usually include social security numbers, driver’s license and state ID numbers, and financial account information. Most statutes exclude from the definition of PII data elements that are encrypted or otherwise unreadable, as well as information that is legally publicly available. Accordingly, one safeguard you should take is to encrypt PII that your business is processing and storing whenever feasible. For more information on data privacy and security related issues, consult the MN Department of Employment and Economic Development and Lathrop GPM joint publication A Legal Guide to Privacy and Data Security. 1
1 This guide can be found for free online at: A Legal Guide To PRIVACY AND DATA SECURITY 2025