Obligations of Companies that have your personally identifiable information
In this day and age, companies that possess your personally identifiable information (“PII”) are required to notify you when there is a hack/data breach.
Many of us may not be aware of the following:
1. The reporting and individual notice requirements of a data breach vary by state. All 50 states now have regulations governing the who, what and when of notifications. However, the regulations are not all the same.
2. The residence state of the individual/entity governs the notice requirements, not the location of the company that has the PII.
3. The nature of the PII and the number of accounts hacked, as detailed in the residence state's regulations, will determine if the individual must be notified.
4. Depending on items 1-3 above, the firm that held the PII may be required to offer credit monitoring to those impacted for some period of time.
Life is complicated, and modern life is even more complicated, so it’s best to take all the precautions that you can to safeguard PII. Some precautions we can take include:
1. Using multi-factor authentication (“MFA”), where you must verify access using two systems.
2. Changing passwords on a regular basis.
3. Being deliberate when responding to text messages, email and other communications, to avoid disclosing PII to nefarious actors who will use it to hack your system.
This is big business, and there are tools out there to help avoid, prevent, educate about and transfer the risks. The first step is knowledge and being aware of the issue.