The Privacy Professional

Data breaches are happening more frequently than most companies are willing to admit. Labcorp, one the nation’s largest medical diagnostic companies, released a statement yesterday stating that it is investigating a possible Data breach that may have occurred over the weekend. I applaud Labcorp for coming forth so early in the breach response process. What sets a company apart from pack is not only their efforts to prevent and breaches,  but how the structure their breach response polices. More than ever it is essential that effected parties are notified as soon as possible,  to prevent further harm to the party and further reputational harm to the company. You can read more about the Labcorp data breach clicking the hyperlinked text.

In the EU, individual privacy and data protection have been a fundamental rights for quite some time and is now a way of life under GDPR .  Data protection in the U.S. is a fairly new concept. In 2003, California was the first state to pass a data protection law. Since then, 48 other states have followed suit by passing data protection laws that protect the personal data of their respective residents. South Dakota is not the last state, but by passing SB 62 in February of this year it is still pretty late to the data protection party. Class of the protected individuals The bill applies to individuals residing in the state. Individual Rights Individuals have the right to have their personally identifiable information (PII) from being acquired by an unauthorized parties (breach ). PII is defined as “ computerized data ” consisting of first name (or first initial) and last names AND one of the following : Identification number (such as social security numbers