The three critical questions to ask after a security breach in your records and information management system

Posted on July 8, 2009 in: HR Info Center

Investigation strategies for security breaches in your records and information management systems

In the event somebody does come in with a concern about a potential security breach of your records and information management system, there are lots of questions you would end up asking.

There are three important questions that you can ask right upfront and you’ll get probably 80% of the information you’ll need to know. If that person comes in and says, “Oh my Gosh, we have a stolen laptop,” here are the three questions you would ask.

  1. What types of data were on the laptop?

     Initially you’re going to focus on the big three elements in records and information management we discussed for data security breach laws. The first element being name and/or Social Security number. Second, driver’s license or state identification card number. Third, financial account information with PIN or password. So, focus on those three first and find out if those types of data were on the laptop.

  2. Where do the affected individuals live?

     So, looking at the information on the laptop, whose information was included on it, and where do they live? That will help you identify the state laws you need to look at to figure out if there are other elements you need to think about too. For example, in North Dakota, mother’s maiden name or date of birth. So find out where the affected individuals live.

  3. Is the records and information management data encrypted?

     For instance, many companies are making a big push right now to get encryption on their laptops, and that’s very much a recommended practice if you can do it. Many, many breaches, as you know from reading the paper, result from lost or stolen laptops. There is an exception under most of the state laws: if the stolen data is encrypted (for instance, if all of the covered data on the stolen laptop we’re discussing here is encrypted), you may not even need to give notice. But again, you need to look at the state laws of the state in which the affected individuals live to figure that out.

Now of course, this isn’t everything you need to know with a security breach of your records and information management system. But if you ask these three questions right away, you’ll start getting most of the information you need. And you’ll know what other state laws you need to check to see if there are any other details you need to consider.

Edited remarks from the Rapid Learning Institute webinar: “Identity Theft: What HR Can Do To Protect Sensitive Employee Data” by Christine E. Lyon, Esq.
