New RI Data Law Effecting Small Businesses:
A Rhode Island law went into place about 9 months ago requiring small businesses to have what we would consider “basic data protections” in place, securing sensitive employee or client information. This effects any business that keeps sensitive information locally – like social security numbers, date of birth, etc. Unfortunately, this does increase the cost of being a small business in RI. The long and short of it:
- Businesses must have all relevant data encrypted.
- Businesses must have the means to detect a data breach. Usually, this is achieved through a managed firewall, incurring a monthly fee.
- If businesses are emailing sensitive data, emails must be encrypted.
- Depending on the size of the business, this may incur an additional monthly fee (the last time we looked it was $5/email address/month).
- Hopefully, all businesses already have and maintain backups and a disaster recovery plan.
- Businesses must also have a written data protection plan, including a plan to notify victims in the event of a breach.
Source 1: http://www.glospeycomputers.com/blog/ri-data-law-effecting-small-businesses-referrals
Source 2: https://www.radarfirst.com/blog/now-in-effect-rhode-islands-new-data-breach-notification-law