breach

Article Dean Dorton

Did you know that most higher education institutions will be required to meet new data protection standards starting May 25, 2018?

The European Union’s General Data Protection Regulation (GDPR) will affect institutions that recruit EU students, have alumni or donors residing in the EU, or offer study abroad programs there.  It is not yet clear how the regulations will be enforced and penalties assessed against U.S. institutions, but the maximum fine can be up to 20 million Euros based on severity and other factors.

Institutions are encouraged to get out in front of this regulation before it arrives at their doorstep!  Below are some of the specific data protection requirements that may be different than what you currently have in place:

  • Must obtain consent before collecting data from someone.
  • Must notify affected persons of a data breach within 72 hours.
  • Must provide data subjects a free electronic copy of their personal data when requested.
  • Data subjects have the right to be “forgotten”, meaning erasure of their personal data and cessation of its dissemination.
  • Must allow personal data to be portable in an electronic format for the subject’s own use.
  • Data systems must be built with privacy by design using appropriate technical security measures.
  • A qualified Data Protection Officer must be appointed by organizations that process personal data and have over 250 employees.

If you would like more information on these new standards or would like assistance in assessing your readiness for GDPR, please contact Jason Whitaker at jwhitaker@ddaftech.com or Megan Crane at mcrane@deandortonstg.wpenginepowered.com.

Article Dean Dorton

Are you one of 143 million people (the equivalent of approximately 1 in 2 Americans) who have potentially been impacted by the Equifax cyber breach? Equifax, one of three major credit reporting agencies, announced yesterday that personal information, including but not limited to social security numbers, driver’s license numbers, and credit card numbers, has potentially been compromised for up to 143 million people.

Was your personal information compromised? Click the button below to access Equifax’s website to determine if you are at risk:

Check Potential Risk

If you were potentially impacted, Equifax will enroll you in a one-year credit monitoring and identity theft protection plan. Be sure to read the legal disclaimer before completing the enrollment.

In the coming weeks and months, be extra skeptical of any emails you receive regarding this matter. Scammers will try to capitalize on this situation and launch many phishing attacks.

UPDATE, 9/11/17

We have received many follow-up questions and comments from concerned individuals. We have also continued to monitor critical news and updates. We want to provide our clients and contacts with some additional follow-up items.

  1. A number of people have raised concerns about using the Equifax free one-year monitoring service. Some indicate that the legal disclaimer states that you will be waiving your rights to any legal action. Others have expressed concerns about their ability to protect your information.
    • Equifax has clarified the concern about their standard legal language in their terms of use, indicating that those limitations do not apply to the cyber incident. However, if you are still concerned, you have the option of mailing in a letter with an opt-out notice for the arbitration clause.
    • If you are concerned about providing Equifax with your information for the free monitoring, you can consider using another trusted source for credit and identity theft monitoring service. There may be fees associated with these services.
  2. Many people have asked what else they can or should do. The Federal Trade Commission offers some additional steps to consider, such as:
    • Monitor your credit reports from all three service bureaus
    • Consider placing a credit freeze on your files
    • Monitor your banks accounts and credit cards closely
    • Consider placing a fraud alert on your files
    • File your taxes early
  3. Be VERY cautious and skeptical of any emails or phone calls you receive regarding this. Confirm that any communication is from a trusted source and review any links before clicking them to be sure they are routing you to the intended location and not rerouting you to a false site to steal more information.

For any questions or concerns related to cybersecurity and user awareness, please contact Jason Miller, Director of Business Consulting Services at jmiller@ddaftech.com or 859-425-7626.