Data security strategy has often been the result of government-mandated compliance requirements. With regulations governing everything from the use of payment cards (PCI) to healthcare industry information (HIPAA), services such as hosted laptop encryption, data loss prevention, endpoint security, firewalls and other data security offerings have acted as “insurers” of safety and privacy. While such protection may at one point have appeared to be a luxury, the punishments that follow from these government mandates have made data security measures a necessity in regulated industries.
Reprimands included fines and penalties, but the most feared consequence was that an organization had to publicly announce an IT security breach, effectively creating a PR nightmare and potentially costing a local government or company millions in lost revenue and lawsuits.
Until recently, local government agencies (city/county) enjoyed the comfort of not being subjected to public breach announcements. So, local constituents and citizens would remain none the wiser in the event that their personal information had been subject to a breach of privacy or ID theft. However, that is no longer the case, with the advent of the bill “AB1149”.
AB1149 puts local government agencies on the same playing field as the state and private sectors. Under AB1149, local agencies now must publicly disclose any type of security breach in which citizen privacy and/or information has been compromised. Citizens can now rest assured that they will be notified, across the board, if they need to take action to protect themselves from further invasion of privacy.
AB1149 has not only increased transparency for the better within our local government, it has also empowered citizens with the right to know. County and city governments are now in the mode of evaluating data security options. There are several Data Security Best Practices for AB1149 that agencies can evaluate as a fit for their IT security strategy, and if they have never invested in a penetration test or a vulnerability assessment, it’s now time to do so. A few timely steps can go a long way towards preventing a data breach and an AB1149 negative PR campaign.