Breach Notification Law Letter
Heartland issues breach notification letters after computer theft
A data breach is an incident in which data is stolen from a system without the authorization or knowledge of the system’s owners. A data breach notification letter is sent by the company to customers or employees to notify them of the data breaches involved.
The following study examines the incident at “Heartland Payment System”, which was notified that its data might be compromised. The event took place on May 8, 2015, when the breach notification letter was issued after the computer theft took place.
The letter revealed that the data exposure occurred because of a break-in at an office in which computers were stolen. It exposed about 130 million United States credit and debit cards.
Specific laws are alleged to have been violated, as mentioned in the breach notification letter. The first was the Merchant Bill of Rights, of which Heartland has been the founding supporter. It is a public advocacy initiative that educates merchants about fair debit and credit card processing (Sloan & Warner, 2017). Another law that was broken was the Sales Professional Bill of Rights, which was meant to advocate for the rights of sales professionals everywhere.
Various items, including Heartland's password-protected computers, were stolen. There, a social security number and bank account information were processed by an employer. Law enforcement agencies and federal and state regulators were responsible for helping Heartland resolve the matter quickly. They continued to analyze the case carefully, and as a result they enhanced their review procedures and internal security. This helped them watch for unusual activity (Bisogni, 2016). The letter was sent to make recipients aware out of an abundance of caution, so that steps could be taken to protect information from unauthorized use. These steps were set out in detail in the enclosed state notification requirements.
Various appropriate responses for the message that is to be sent to the victim are discussed below.
Public Persona
It checks public record databases for addresses, aliases and names related to a social security number. The records include court proceedings, state technical license data and various other data sources (Weiss & Miller, 2015).
Quick Cash Scan
It checks numerous cash-advance and short-term loan sources, such as payday lenders and rent-to-own. These are also called “non-credit” loans, since the application process never includes a credit check, which makes it easy to use fraudulent or stolen identity data.
$1 Million Identity Theft Insurance
This should help Heartland with their out-of-pocket costs, up to a total of one million in legal expenses, for a stolen identity event. All coverage is subject to the exclusions and conditions in that policy.
Thus the study shows that the letter was intentionally vague, giving those affected only the basics in order to avoid confusion. Irrespective of the possibilities, it cannot be determined whether the breach left unencrypted data at risk (Pierce, 2015). Hence, as part of their ongoing commitment to security, Heartland has started to encrypt most of the computers.
References
Bisogni, F. (2016). Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution? Journal of Information Policy, 6(1), 154-205.
Pierce, J. C. (2015). Shifting data breach liability: a congressional approach. Wm. & Mary L. Rev., 57, 975.
Sloan, R. H., & Warner, R. (2017). How Much Should We Spend to Protect Privacy?: Data Breaches and the Need for Information We Do Not Have.
Weiss, N. E., & Miller, R. S. (2015, February). The target and other financial data breaches: Frequently asked questions. In Congressional Research Service, Prepared for Members and Committees of Congress February (Vol. 4, p. 2015).