In Case You Missed It: Illinois strengthened its data privacy and security law, with the amendments going into effect in January 2017. The amendments include expanding the definition of “personal information” to include a username or email address of an Illinois resident in conjunction with a password or security question answer that would permit access to an online account. The definition is also expanded to include medical and health insurance information. However, if a company already complies with the data security elements of HIPAA and HITECH, then it will be deemed to comply with the Illinois law. Illinois’ amendments follow similar measures adopted in California last fall to strengthen its data security law.
News of Note: The Ponemon Institute and IBM released their 2016 Cost of Data Breach Study. The study collected data from 382 companies that experienced a data breach in the last year. The study, which encompasses 12 countries, found that the average cost of a data breach increased from $3.79 million to $4 million. The average cost paid for each lost or stolen record was $158.
Practice Tip: The same Ponemon Institute and IBM study suggests many useful ways to reduce the cost of a data breach. For instance, it is difficult to dispute that the longer it takes to detect and contain a data breach, the more costly it will be to resolve that breach. Companies that invest in technology, in-house expertise, and staff training have a better chance of avoiding a breach and of more quickly detecting and containing breaches that do occur. Another example of a cost-saving preemptive measure is establishing an incident response team. The study found that having and engaging an internal incident response team reduces the cost per compromised record by $16, from $158 to $142.