The topic of digital security is reaching a boiling point following a recent rash of high-profile data leaks.

Right now, for instance, sports fans in the tri-state area are waiting to learn what will become of New York Giants star defender Jason Pierre-Paul, who is still hospitalized following a July 5 fireworks accident. The real question, however, other than Pierre-Paul’s well-being, is how the story—which should have been kept private—leaked to the public. Soon after being hospitalized, ESPN received—and published—a copy of Pierre-Paul’s medical record, which detailed the injuries he sustained from the accident. In response, the hospital is now pursuing an “aggressive investigation” into the HIPAA violation, which contributed to the Giants pulling back a $60 million contract offer to the ballplayer.

The incident brings up a lot of questions related to the hospital’s data security policy. It remains to be seen, for instance, whether the hospital had the appropriate safeguards to protect patient data like strong access controls for employees and data encryption for digital files. The fact is that the hospital is now embroiled in a major controversy following the incident, and could face steep penalties in addition to the firestorm of negative media attention surrounding it.

The story was the icing on the cake last week in regard to data security, as we also learned that hackers obtained the personal information—including Social Security numbers—of at least 21 million Americans, stemming from a recent breach of U.S. government computer systems.

Further, news also broke last week that two U.S. telecom companies—YourTel America and TerraCom—must now pay a combined $3.5 million after the U.S. Federal Communications Commission discovered the companies were storing customers’ personal data on unprotected servers. According to the FCC ruling, the company failed to protect the data of at least 300,000 customers.

Now, here’s why you, as a business owner in Connecticut, should care about such stories:

Recently, Connecticut amended law S.B. 949 to hold businesses that store health-related or personally identifiable information more accountable for keeping private data safe.

Under the amended law, Connecticut became the first state to require any business that experiences a data breach to notify the individuals involved within 90 days of the incident. As of July 1, complementary identity monitoring and damage control services must also be offered if the theft involves Social Security numbers. It is also the responsibility of the business to provide information to entangled consumers on how to undergo a personal credit freeze.

In addition, as of July 1, businesses that contract with state agencies will have new requirements for protecting digital information. Should a state agency supply a contracted business with private identification numbers, financial data, personal or contact information, that business must undergo a “comprehensive data security program.” This program includes security training for employees, reviews, and access controls for harboring digital information. And that’s not all: Contracted entities must also store data on fully monitored, updated servers.

Other notable updates include:

• Mandatory “kill switches” for smartphones: Now, all smartphones sold in Connecticut must include software or hardware that can disable a phone in the event it is lost or stolen.
• New data security requirements for healthcare providers: Health insurance entities must now annually update their information security programs to protect personally identifiable information. Businesses in this space must now submit annual compliance reports to the Connecticut Insurance Department. The update will take effect on October 1.

As this incident proves, lawmakers are cracking down on negligent data storage practices to better protect patients and consumers. All Connecticut business owners, regardless of industry, should take this time to assess their data storage policies to ensure that they are up to date with the latest security mandates.

So don’t let your business garner any negative publicity from a data breach. Instead, focus on preventing one before it happens. Click here to learn more about how Apex Technology Services of Norwalk, Connecticut, can help keep you and your customers safe online.