Don’t wait until your organization experiences an information breach to figure out a detailed game plan for how to react to an incident. That’s the urgent message from three security experts. Breach notification legislation is coming, and its coming to a Province and State near you…
- Be sure to understand what constitutes a breach under the rule and what kinds of incidents must be reported.
- Make widespread use of encryption. That’s because the rule contains a safe harbor exempting organizations from reporting breaches of encrypted data.
- Work closely with business associates, such as software companies, billing services and banks, to make sure they’re prepared to comply with the rule, which requires them to promptly report breaches to covered entities, such as hospitals and clinics.